Adobe Flash Player SWF文件DeclareFunction2 ActionScript标签堆溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1114953 漏洞类型 其他
发布时间 2008-04-08 更新时间 2009-03-10
CVE编号 CVE-2007-6019 CNNVD-ID CNNVD-200804-113
漏洞平台 Linux CVSS评分 9.3
|漏洞来源
https://www.exploit-db.com/exploits/31630
https://www.securityfocus.com/bid/28694
https://cxsecurity.com/issue/WLB-2008040017
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200804-113
|漏洞详情
FlashPlayer是一款非常流行的FLASH播放器。Flashplayer在试图访问没有正确实例化的嵌入Actionscript对象时存在堆溢出漏洞,如果攻击者恶意修改了SWF文件中的DeclareFunction2Actionscript标签的话,则用户打开该文件就可能触发堆溢出,导致以当前登录用户的权限执行任意指令。
|漏洞EXP
source: http://www.securityfocus.com/bid/28694/info

Adobe Flash Player is prone to a remote code-execution vulnerability when handling certain embedded ActionScript objects.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and earlier versions are affected. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/31630.rar
|受影响的产品
Turbolinux wizpy 0 Turbolinux FUJI 0 SuSE Suse Linux Enterprise Desktop 10 SP1 SuSE Linux 10.1 x86-64 SuSE Linux 10.1 x86 SuSE Linux 10.1 ppc Sun Solaris
|参考资料

来源:XF
名称:multimedia-file-integer-overflow(37277)
链接:http://xforce.iss.net/getrecord.jsp?id=37277
来源:MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-08-032/
来源:SECTRACK
名称:1019811
链接:http://www.securitytracker.com/id?1019811
来源:BID
名称:29386
链接:http://www.securityfocus.com/bid/29386
来源:BID
名称:28695
链接:http://www.securityfocus.com/bid/28695
来源:REDHAT
名称:RHSA-2008:0221
链接:http://www.redhat.com/support/errata/RHSA-2008-0221.html
来源:OSVDB
名称:44282
链接:http://www.osvdb.org/44282
来源:MISC
链接:http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/
来源:ISS
名称:20080408AdobeFlashPlayerInvalidPointerVulnerability
链接:http://www.iss.net/threats/289.html
来源:GENTOO
名称:GLSA-200804-21
链接:http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
来源:VUPEN
名称:ADV-2008-1724
链接:http://www.frsirt.com/english/advisories/2008/1724/references
来源:VUPEN
名称:ADV-2008-1697
链接:http://www.frsirt.com/english/advisories/2008/1697
来源:VUPEN
名称:ADV-2008-1662
链接:http://www.frsirt.com/english