HOME > ADVISORIES


   ADVISORIES

CERT-In Advisory CIAD-2006-30
Adobe Flash Player Multiple Vulnerabilities

Original issue date: September 14, 2006
Updated on: November 15, 2006

Severity Rating: High

Systems Affected

  • Macromedia Flash 8.x
  • Macromedia Flash MX 2004
  • Macromedia Flash MX Professional 2004
  • Macromedia Flash Player 7.x
  • Macromedia Flash Player 8.x
  • Macromedia Flex 1.x

Overview

Multiple vulnerabilities have been reported in Adobe Flash Player that could be exploited by an attacker to take complete control of the vulnerable system.

Description

1. Adobe Flash Player Input Validation Vulnerability (CVE-2006-3311)

The vulnerability is caused due to an unchecked buffer while handling strings dynamically generated at runtime.

The attacker could exploit this vulnerability via a long, dynamically created string in a SWF movie and could execute the arbitrary code to take complete control of the system.

2. Shockwave Flash Object Vulnerability (CVE-2006-3014)

The vulnerability is caused due to an error while invoking ActiveX control by Microsoft Office products.

Microsoft Excel allows execution of arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.

The attacker could exploit this vulnerability using "Shockwave Flash Object" and by executing Flash files containing java script embedded in office documents .

3. Adobe Flash Unspecified Vulnerability (CVE-2006-4640)

The vulnerability is caused due to an unspecified error which allows bypassing the "allowScriptAccess" option.

The attacker could exploit this vulnerability by using malicious web sites to bypass security restrictionsand could conduct a cross site scripting attack.  

Workarounds

  • Temporarily prevent the Flash Player ActiveX control from running in Internet Explorer for Windows XP Service Pack 2
  • Temporarily prevent the Flash Player ActiveX control from running in Internet Explorer
  • Modify the Access Control List on the Flash Player ActiveX control to temporarily prevent it from running in Internet Explorer
  • Un-register the Flash Player ActiveX Control
  • Restrict access to the Macromedia Flash folder by using a Software Restriction Policy
  • Change your Internet Explorer settings to prompt before running ActiveX controls or disable ActiveX controls in the Internet security zone and in the Local intranet security zone
  • Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX controls in these zones

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS06-069

References

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx

Adobe
http://www.adobe.com/support/security/bulletins/apsb06-11.html

Secunia
http://secunia.com/advisories/21865/

FrSIRT
http://www.frsirt.com/english/advisories/2006/3573

CVE Name

CVE-2006-3014
CVE-2006-3311
CVE-2006-3587
CVE-2006-3588
CVE-2006-4640

Revisions:
November 15, 2006: Workarounds, Solution and Reference.

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003