Web Attack: Malicious SWF Download 5

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote code execution vulnerability in Adobe Flash Player.

Additional Information

Adobe Flash Player is an application for playing Flash media files.

Flash Player is prone to a remote buffer-overflow vulnerability when processing SWF files with the 'DefineSceneAndFrameLabelData' tag (tag ID 0x56). The issue stems from an integer overflow when calculating pointers. Attackers can use this issue to write to arbitrary memory locations.
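
The following Python is an added example, not Symantec's signature logic and not part of the original page: it walks an SWF tag stream and flags any DefineSceneAndFrameLabelData (0x56) tag whose leading count cannot fit in the tag body. The function names, the two-bytes-per-scene floor and the files built by `make_swf` are assumptions constructed here; the layout (an EncodedU32 scene count at the start of the tag) follows the published SWF file format specification.

```python
import struct
import zlib

TAG_0X56 = 0x56  # DefineSceneAndFrameLabelData, the tag ID named in the signature text

def read_encoded_u32(buf):
    """Decode an SWF EncodedU32 (1-5 bytes, 7 data bits per byte) at buf[0]."""
    value = 0
    for i, byte in enumerate(buf[:5]):
        value |= (byte & 0x7F) << (7 * i)
        if i == 4 or not byte & 0x80:
            return value & 0xFFFFFFFF
    raise ValueError("truncated EncodedU32")

def scan_swf(data):
    """Return [(tag_offset, scene_count, reason)] for malformed 0x56 tags."""
    if data[:3] == b"CWS":  # everything after the 8-byte header is zlib-compressed
        data = b"FWS" + data[3:8] + zlib.decompress(data[8:])
    if data[:3] != b"FWS" or len(data) < 9:
        raise ValueError("not an SWF file")
    nbits = data[8] >> 3  # RECT: 5-bit field width, then four nbits-wide fields
    pos = 8 + (5 + 4 * nbits + 7) // 8 + 4  # skip RECT, frame rate, frame count
    findings = []
    while pos + 2 <= len(data):
        (hdr,) = struct.unpack_from("<H", data, pos)
        code, length, start, pos = hdr >> 6, hdr & 0x3F, pos, pos + 2
        if length == 0x3F:  # long record header: a 32-bit length follows
            if pos + 4 > len(data):
                break
            (length,) = struct.unpack_from("<I", data, pos)
            pos += 4
        body = data[pos:pos + length]
        if code == TAG_0X56:
            try:
                count = read_encoded_u32(body)
                if count * 2 > len(body):  # assumed floor: 2 bytes per scene record
                    findings.append((start, count, "scene count exceeds tag body"))
            except ValueError as exc:
                findings.append((start, None, str(exc)))
        if code == 0:  # End tag
            break
        pos += length
    return findings

def make_swf(tag_body):
    """Constructed sample: minimal FWS v9 file with one 0x56 tag, then End."""
    tags = struct.pack("<H", (TAG_0X56 << 6) | len(tag_body)) + tag_body + b"\x00\x00"
    rest = b"\x00" + struct.pack("<HH", 0x0C00, 1) + tags  # empty RECT, 12 fps, 1 frame
    return b"FWS\x09" + struct.pack("<I", 8 + len(rest)) + rest
```

`scan_swf(make_swf(b"\x01\x00a\x00\x00"))` returns an empty list for a well-formed single-scene tag, while a count of 0xFFFFFFFF in a 7-byte body is reported with the tag's file offset.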

An attacker can exploit the issue by enticing an unsuspecting victim to open a specially crafted multimedia file with the vulnerable application.

Successful exploits will allow the attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and earlier versions are affected.

NOTE: This issue has been fixed in all versions of Adobe Flash Player 9.0.124.0.

Initial investigations suggested that the vulnerability had not been patched in the standalone Adobe Flash Player version 9.0.124.0 for Linux and the standalone Adobe Flash Player version 9.0.124.0 with debug capabilities for Microsoft Windows. The observed behavior that led to this initial conclusion has since been confirmed by Adobe as intended by design.

Affected

  • Adobe Flash Player 9.0.115.0 and earlier versions are affected.

Response

The vendor released Flash Player 9.0.124.0 to address this issue. Please see the references for more information.