May 17, 2012

Adobe Fixes Cross-site Scripting Vulnerability in Flex SDK

(LiveHacking.Com) - Adobe has published a security advisory about an “important” vulnerability in the Adobe Flex SDK 4.5.1 and earlier 4.x versions and 3.x versions on Windows, OS X and Linux. As a result of this vulnerability, applications built with the Flex SDK could be open to cross-site scripting attacks.

Adobe are recommending that developers using Flex SDK 4.5.1 and earlier 4.x versions and 3.x versions update their software, verify whether any SWF files in their applications are vulnerable, and update any vulnerable SWF files using the instructions in the advisory.

Which applications are vulnerable?

  • All web-based (not AIR-based) Flex applications built using any release of Flex 3.x (including 3.0, 3.0.1, 3.1, 3.2, 3.3, 3.4, 3.4.1, 3.5, 3.5A, and 3.6) are vulnerable.
  • Web-based (not AIR-based) Flex applications built using any release of Flex 4.x (including 4.0, 4.1, 4.5, and 4.5.1) that were compiled using static linkage of the Flex libraries rather than RSL (runtime shared library) linkage are vulnerable, except in certain cases that involve the use of embedded fonts.
  • Most Flex 4.x applications that were compiled in the default way (specifically, using RSL linkage) will not be vulnerable, but there are rare cases in which they may be vulnerable.
  • Flex applications built using any release of Flex prior to 3.0 are not vulnerable.
  • Flex applications that are AIR-based (not web-based) are not vulnerable.
  • SWF files that were created without using Flex (such as files created in Adobe Flash Professional) are not vulnerable.

Google Releases Chrome 15.0.874.120 With a new Version of Flash Plus Various Security Fixes

Google has released Chrome 15.0.874.120 for Windows, Mac and Linux with a new version of Flash. This new version of Adobe Flash Player fixes several memory corruption vulnerabilities that could lead to arbitrary code execution.

Google paid out $2,000 in rewards for this version, with all of the money going to Aki Helin of OUSPG:

  • [$500] [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG.
  • [$500] [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG.
  • [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community.
  • [$1000] [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG.
  • [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken “strcpy” Russell of the Chromium development community.
  • [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt reported through ZDI (ZDI-CAN-1416).
  • [102461] Low CVE-2011-3898: Failure to ask for permission to run applets in JRE7. Credit to Google Chrome Security Team (Chris Evans).

Note that the referenced bugs are kept private by Google until a majority of Chrome users have updated.

Google also fixed the following bugs:

  • Updated V8 – 3.5.10.23
  • Fix small print sizing issues (issues: 102186, 82472, 102154)
  • Fixed the “certificate is not yet valid” error for server certificates issued by a VeriSign intermediate CA. (issue 101555) [OS X only]

Microsoft Plugs TCP/IP Hole While Adobe Fixes Critical Vulnerabilities in Shockwave

(LiveHacking.Com) - Microsoft has issued four security bulletins to address four vulnerabilities in its Windows operating system including a ‘Critical’ vulnerability in TCP/IP.

The networking flaw, which was reported privately to Microsoft, could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system. Successful exploitation of MS11-083 would let an attacker run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The flaw exists in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 but not in Windows XP or Windows Server 2003.

The remaining three bulletins are as follows:

MS11-085 – Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.

MS11-086 – Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837) – This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL.

MS11-084 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message.

Adobe Shockwave Player

Whilst Microsoft was busy fixing its networking code, Adobe posted a security bulletin about its Shockwave Player.

Critical vulnerabilities exist in Adobe Shockwave Player 11.6.1.629 and earlier versions on Windows and OS X. Successful exploitation would let an attacker run arbitrary code.

A new version of Shockwave Player is available which:

  • Resolves a memory corruption vulnerability in the DIRapi library that could lead to code execution (CVE-2011-2446).
  • Fixes a memory corruption vulnerability that could lead to code execution (CVE-2011-2447).
  • Resolves a memory corruption vulnerability in the DIRapi library that could lead to code execution (CVE-2011-2448).
  • Fixes multiple potential memory corruption vulnerabilities in the TextXtra module that could lead to code execution (CVE-2011-2449).

Adobe Change Flash Player Settings Manager To Stop Clickjacking

(LiveHacking.Com) - Adobe has made changes to the Flash Player Settings Manager SWF file hosted on the Adobe website in response to a vulnerability that allowed any website to turn on your webcam and microphone without your knowledge or consent.

Feross Aboukhadijeh, a Stanford University computer science student, found that a maliciously crafted web page could use the vulnerability for a “clickjacking” attack which resulted in the webcam and microphone being activated and so allowing a remote attacker to spy on the victim.

The attack loads the Flash Player Settings Manager SWF file into an iframe and then makes it invisible using CSS. The unsuspecting user then plays a little game and unwittingly enables their webcam.

The fix applied by Adobe requires no user action or Flash Player product update.

Flash 11 to Add New Security Features

(LiveHacking.Com) - Adobe has announced that Flash Player 11 will be released in October and will contain lots of new features for gaming, media and data-driven applications. It will also include several important security features.

The first major new feature Adobe are adding is support for SSL socket connections, which will make it easier for developers to protect the data they stream over the Flash Player raw socket connections.

Flash 11 will also include a new secure random number generator. Previously only a simple random number generator was provided; it was OK for games, but it wasn’t good enough for cryptography. The new random number generator API hooks the cryptographic provider of the host device, such as the CryptGenRandom function in Microsoft CAPI on Windows, to generate the random numbers. The native OS cryptographic providers have better sources of entropy and have been peer reviewed by industry experts.

Flash 11 will have full native 64-bit support for 64-bit browsers on Linux, Mac OS, and Windows. As a result, when Flash is used with a 64-bit browser that supports address space layout randomization (ASLR), users will be protected by full 64-bit ASLR.

New Version of Flash Coming to Fix Zero-day Vulnerability – Google Releases Updated Chrome First

(LiveHacking.Com) - Adobe will release an out of cycle update to Flash to address critical security issues. The update will also fix a universal cross-site scripting issue that is reportedly being exploited in the wild.

Although not all the details are available yet, it is likely (since this is an out of cycle release) that this vulnerability, if exploited, would allow malicious native code to execute, potentially without the user being aware.

Google is one step ahead of Adobe and has released a new version of its Chrome web browser, which has a built-in version of Flash, to address what it calls “a zero-day vulnerability” in Flash Player:

The Beta and Stable channels have been updated to 14.0.835.186 for Windows, Mac, Linux, and Chrome Frame. This release includes an update to Flash Player that addresses a zero-day vulnerability.

Adobe Updates Acrobat to Fix Security Problems; Also Revokes Trust in DigiNotar

(LiveHacking.Com) - Adobe has released an update to Acrobat and Acrobat Reader to fix various Critical vulnerabilities. Affected versions are Adobe Reader X (10.1) and earlier versions and Adobe Acrobat X (10.1) and earlier versions for Windows and OS X, and Adobe Reader 9.4.2 and earlier versions for UNIX. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

The specific problems fixed are:

  • A local privilege-escalation vulnerability (Adobe Reader X (10.x) on Windows only) (CVE-2011-1353).
  • A security bypass vulnerability that could lead to code execution (CVE-2011-2431).
  • A buffer overflow vulnerability in the U3D TIFF Resource that could lead to code execution (CVE-2011-2432).
  • Heap overflows that could lead to code execution (CVE-2011-2433, CVE-2011-2434).
  • A buffer overflow vulnerability that could lead to code execution (CVE-2011-2435).
  • A heap overflow vulnerability in the Adobe image parsing library that could lead to code execution (CVE-2011-2436).
  • Three stack overflow vulnerabilities in the Adobe image parsing library that could lead to code execution (CVE-2011-2438).
  • A memory leakage condition vulnerability that could lead to code execution (CVE-2011-2439).
  • A use-after-free vulnerability that could lead to code execution (CVE-2011-2440).
  • Two stack overflow vulnerabilities in the CoolType.dll library that could lead to code execution (CVE-2011-2441).
  • A logic error vulnerability that could lead to code execution (CVE-2011-2442).

Simultaneously Adobe removed the DigiNotar root certificate from its trust list:

Adobe takes the security and trust of our users very seriously. Based on the nature of the breach, Adobe is now taking the action to remove the DigiNotar Qualified CA from the Adobe Approved Trust List.

This update has been published for Adobe Reader and Acrobat X, which include a trust list that Adobe can dynamically manage without requiring a product update/patch. A future product update of Adobe Reader and Acrobat version 9.x will also enable dynamic updates of the AATL.

Adobe Releases Critical Security Bulletins for Shockwave, Flash Media Server and Photoshop

(LiveHacking.Com) - Following Google’s update of Chrome to include a new version of Adobe Flash Player, Adobe has now released additional security bulletins listing critical and important vulnerabilities in multiple products including Shockwave, Flash Media Server and Photoshop. The full list is:

  • Adobe Shockwave Player 11.6.0.626 and earlier versions on the Windows and Macintosh operating systems
  • Adobe Flash Media Server 4.0.2 and earlier versions
  • Adobe Flash Media Server 3.5.6 and earlier versions for Windows and Linux
  • Adobe Photoshop CS5 and CS5.1 and earlier for Windows and Macintosh
  • RoboHelp 9.0.1.233 and earlier, RoboHelp 8, RoboHelp Server 9, and RoboHelp Server 8

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, take control of an affected system, or perform a cross-site scripting attack.

Memory corruptions

With the exception of RoboHelp, all the patches fix memory corruptions which, if exploited, could lead to arbitrary code execution. For example, the vulnerability in Photoshop CS5 and CS5.1, for Windows and Macintosh, could be exploited with a malicious .GIF file when it is opened in Photoshop by the user.

Google Ships Chrome 13.0.782.112 With a New Version of Flash

(LiveHacking.Com) – The Google Chrome web browser has been updated to 13.0.782.112 to include an updated version of Flash Player. According to the Adobe security bulletin this new version of Flash Player (10.3.183.5) fixes critical vulnerabilities in Flash Player 10.3.181.36 and earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is not aware of any exploits ‘in the wild’ for the issues addressed in this update.

The list of fixes is as follows:

  • A buffer overflow vulnerability that could lead to code execution (CVE-2011-2130).
  • A buffer overflow vulnerability that could lead to code execution (CVE-2011-2134).
  • A memory corruption vulnerability that could lead to code execution (CVE-2011-2135).
  • An integer overflow vulnerability that could lead to code execution (CVE-2011-2136).
  • A buffer overflow vulnerability that could lead to code execution (CVE-2011-2137).
  • An integer overflow vulnerability that could lead to code execution (CVE-2011-2138).
  • A cross-site information disclosure vulnerability that could lead to code execution (CVE-2011-2139).
  • A memory corruption vulnerability that could lead to code execution (CVE-2011-2140).
  • A buffer overflow vulnerability that could lead to code execution (CVE-2011-2414).
  • A buffer overflow vulnerability that could lead to code execution (CVE-2011-2415).
  • An integer overflow vulnerability that could lead to code execution (CVE-2011-2416).
  • A memory corruption vulnerability that could lead to code execution (CVE-2011-2417).
  • A memory corruption vulnerability that could lead to code execution (CVE-2011-2425).

Black Hat: Document Exploit Techniques

(LiveHacking.Com) - Sung-ting Tsai (AKA TT) and Ming-chieh Pan have demonstrated, live at the Black Hat conference, multiple ways in which Microsoft Word documents can be exploited and used to deliver malware.

Although Microsoft has implemented multiple security measures in Office and Windows, it is still possible to craft documents to exploit vulnerabilities in other media embedded in the files. For example a hybrid document can be created with an embedded Flash file and it is the Flash file which opens the way for the exploitation.

Although Adobe has also strengthened Flash by adding sandboxing to limit the ability of potential rogue processes to access local files, TT demonstrated a way to get around the new measures by using an mms:// link that makes Windows open IE, which in turn causes Windows Media Player to open. Using that simple workaround, TT said that an attacker could create an attack that might be able to steal users’ cookies, passwords or other information.