Keep Your Eyes on This Adobe 0-Day

A new Adobe exploit is circulating via Flash movies in the last day or so. Looks like the vulnerability is present across many Adobe products and can be exploited on Android, Linux, Windows and OS X.

Here is a link to the Dark Reading article about the issue.

You can also find the Adobe official alert here.

As this matures and evolves and gets patched, it is a good time to double check your patching process for workstation and server 3rd party software. That should now be a regular patching process like your ongoing operating system patches at this point. If not, then it is time to make it so.

Users of HoneyPoint Wasp should be able to easily any systems compromised via this attack vector using the white listing detection mechanism. Keep a closer than usual eye out for suspicious new processes running on workstations until the organization has applied the patch across the workstation environment.

InstallShield ActiveX Vuln, WP-Download SQL Injection

There’s a SQL injection in a the Wordress Download plugin. Data passed to wp-download.php is not properly sanitized before being processed by SQL. This could result in a SQL injection attack that could lead to the disclosure of usernames and passwords. WordPress admin’s should update to version 1.2.1.

There’s a major vulnerability in and activex control installed by Macrovision InstallShield InstallScript One-Click Install (OCI). The control gets installed via webpages prompting to install software. A large user base is likely affected by this. Basically, when the activex control is initiated it loads several DLL’s that are not sanity checked. These DLL’s could execute arbitrary code when loaded. This vulnerability has been confirmed in version 12.0. The following are the properties associated with the activex:

File: %WINDIR%\Downloaded Program Files\setup.exe

CLSID: 53D40FAA-4E21-459f-AA87-E4D97FC3245A

Macromedia has released a hotfix for this issue, available along with the KB entry for this vulnerability, at http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640

QuickTime 7.3.1 is available

Apple has released QuickTime 7.3.1 to address several vulnerabilities. These include the buffer overflow in RTSP, a heap buffer overflow found in QuickTime’s handling of QTL files and vulnerabilities which exist in QuickTime’s Flash media handler. Updates are available for: Mac OS X v10.3.9 or later, Windows Vista, and XP SP2. The relevant CVEs are CVE-2007-6166, CVE-2007-4706 and CVE-2007-4707 respectively.

SWF Whitepaper and VoIP Vulns

There is a guide available from Adobe on creating secure Flash applications. In the wake of the mid December Adobe Shockwave Flash vulnerabilities, Adobe has released a white paper on “Creating more secure SWF web applications”. This, combined with flash data validation libraries available from Google, allow for a complete solution to any potential vulnerabilities. Developers of Flash animations/movies/applications should take the time to read over this document and see where they could use the data validation libraries within their environment. Security teams should be testing all of their environments Flash applications for any vulnerabilities and coordinate to get these resolved. From what I’ve read, when Adobe makes the second update for these issues available early 2008, the issues will not be completely resolved in already developed Flash applications.

Here’s a link to the article http://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps.html and the validation libraries http://code.google.com/p/flash-validators/

Also, it appears a few SIP vendors have had vulnerabilities reported in them today. Avaya is affected by two issues, one in pam and the other in OpenSSH. The issue in pam could allow for the disclosure of sensitive data, or allow the injection of characters into log entries. The issue with OpenSSH could allow arbitrary code execution (race condition) and the discovery of valid usernames. Here’s the original Avaya advisories: http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm and http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm

Asterisk is vulnerable to a Denial of Service when handling the “BYE/Also” transfer method. Exploitation requires that a dialog already be established between the two parties. Asterisk versions prior to 1.4.17 are vulnerable. The issue is fixed in version 1.4.17.