Bug 612063 - (CVE-2010-1297) VUL-0: CVE-2010-1297: flash-player remote code exec
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: General
Priority: P1 - Urgent
Severity: Critical
Assigned To: Security Team bot
maint:released:11.0:33880 maint:relea...
Reported: 2010-06-07 08:24 UTC by Ludwig Nussel
Modified: 2019-05-01 15:22 UTC (History)

Description Ludwig Nussel 2010-06-07 08:24:52 UTC
Your friendly security team received the following report.
Please respond ASAP.
The issue is public.

Adobe reports an exploitable code execution problem that affects flash-player:
http://www.adobe.com/support/security/advisories/apsa10-01.html

---------------------------------------------------------------
Security Advisory for Flash Player, Adobe Reader and Acrobat

Release date: June 4, 2010

Vulnerability identifier: APSA10-01

CVE number: CVE-2010-1297

Platform: All

Summary

A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier
versions for Windows, Macintosh, Linux and Solaris operating systems, and the
authplay.dll component that ships with Adobe Reader and Acrobat 9.x for
Windows, Macintosh and UNIX operating systems. This vulnerability
(CVE-2010-1297) could cause a crash and potentially allow an attacker to take
control of the affected system. There are reports that this vulnerability is
being actively exploited in the wild against both Adobe Flash Player, and Adobe
Reader and Acrobat. This advisory will be updated once a schedule has been
determined for releasing a fix.

Affected software versions

Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions
for Windows, Macintosh, Linux and Solaris
Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh
and UNIX

Note:
The Flash Player 10.1 Release Candidate available at
http://labs.adobe.com/technologies/flashplayer10/ does not appear to be vulnerable.
Adobe Reader and Acrobat 8.x are confirmed not vulnerable.

Mitigations

Adobe Flash Player
The Flash Player 10.1 Release Candidate available at
http://labs.adobe.com/technologies/flashplayer10/ does not appear to be vulnerable.

Adobe Reader and Acrobat
Deleting, renaming, or removing access to the authplay.dll file that ships with
Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users
will experience a non-exploitable crash or error message when opening a PDF
file that contains SWF content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is
typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for
Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for
Acrobat.

Severity rating

Adobe categorizes this as a critical issue.

Details

A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier
versions for Windows, Macintosh, Linux and Solaris operating systems, and the
authplay.dll component that ships with Adobe Reader and Acrobat 9.x for
Windows, Macintosh and UNIX operating systems. This vulnerability
(CVE-2010-1297) could cause a crash and potentially allow an attacker to take
control of the affected system. There are reports that this vulnerability is
being actively exploited in the wild against both Adobe Flash Player, and Adobe
Reader and Acrobat.

The Flash Player 10.1 Release Candidate available at
http://labs.adobe.com/technologies/flashplayer10/ does not appear to be vulnerable.

Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Mitigation is
available for Adobe Reader and Acrobat 9.x customers as detailed above.
Comment 1 Dirk Mueller 2010-06-07 10:33:10 UTC
currently no fix is available: 

http://www.adobe.com/support/security/advisories/apsa10-01.html

swampid?
Comment 2 Dirk Mueller 2010-06-08 08:14:58 UTC
Update expected on June 10th
Comment 3 Dirk Mueller 2010-06-11 05:45:43 UTC
updates submitted, however standalone player is not yet updated!!!
Comment 4 Matthias Weckbecker 2010-06-11 08:18:20 UTC
CVEs from http://adobe.com/support/security/bulletins/apsb10-14.html:

========================================================================

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1297).
Note: There are reports that this issue is being actively exploited in the wild.

This update resolves a memory exhaustion vulnerability that could lead to code execution (CVE-2009-3793).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2160).

This update resolves an indexing vulnerability that could lead to code execution (CVE-2010-2161).

This update resolves a heap corruption vulnerability that could lead to code execution (CVE-2010-2162).

This update resolves multiple vulnerabilities that could lead to code execution (CVE-2010-2163).

This update resolves a use after free vulnerability that could lead to code execution (CVE-2010-2164).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2165).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2166).

This update resolves multiple heap overflow vulnerabilities that could lead to code execution (CVE-2010-2167).

This update resolves a pointer memory corruption that could lead to code execution (CVE-2010-2169).

This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2010-2170).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2171).

This update resolves a denial of service issue on some UNIX platforms (Flash Player 9 only) (CVE-2010-2172).

This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2173).

This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2174).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2175).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2176).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2177).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2178).

This update resolves a URL parsing vulnerability that could lead to cross-site scripting (Firefox and Chrome browsers only) (CVE-2010-2179).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2180).

This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2010-2181).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2182).

This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2010-2183).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2184).

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-2185).

This update resolves a denial of service vulnerability that can cause the application to crash. Arbitrary code execution has not been demonstrated, but may be possible. (CVE-2010-2186).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2187).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2188).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2189).
Note: This issue occurs only on VMWare systems with VMWare Tools enabled.

This update resolves a denial of service issue (CVE-2008-4546).

========================================================================
Comment 5 Swamp Workflow Management 2010-06-11 08:44:35 UTC
The SWAMPID for this issue is 33873.
This issue was rated as important.
Please submit fixed packages as soon as possible.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 6 Marcus Meissner 2010-06-11 14:30:19 UTC
we are releasing the box update consciously decoupled from the maintenance updates
due to severity of this issue.
Comment 7 Swamp Workflow Management 2010-06-11 14:34:15 UTC
Update released for: flash-player
Products:
openSUSE 11.0 (i386)
openSUSE 11.1 (i586)
openSUSE 11.2 (i586)
Comment 8 Heiko Rommel 2010-06-11 15:34:29 UTC
The updates for SLED11 and SLED11SP1 are not fixed in all parts:

/usr/bin/flashplayer -v
WARNING: environment variable G_FILENAME_ENCODING set and it is not UTF-8
10,0,45,2

In contrast, firefox / about:plugins says

Shockwave Flash 10.1 R53
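
The mismatch reported in comment 8, as an added example that is not part of the original bug report: a Python check that parses both version formats quoted there and compares them with the affected ranges listed in APSA10-01. The function names and the reading of "R53" as the third version component are assumptions.

```python
import re

# Affected ranges as listed in APSA10-01 (quoted in the description above):
# 10.0.45.2 and earlier 10.0.x; 9.0.262 and earlier 9.0.x.
LAST_AFFECTED_10_0 = (10, 0, 45, 2)
LAST_AFFECTED_9_0 = (9, 0, 262)

# Standalone player style: "10,0,45,2" (dotted form accepted too).
FULL_RE = re.compile(r"\b(\d+)[.,](\d+)[.,](\d+)[.,](\d+)\b")
# Plugin description style: "Shockwave Flash 10.1 R53".
# Assumption: the number after "R" is the third version component.
PLUGIN_RE = re.compile(r"Shockwave Flash (\d+)\.(\d+) [rR](\d+)")

def parse_version(output):
    """Return the first version found as an int tuple, or None."""
    for line in output.splitlines():
        m = PLUGIN_RE.search(line) or FULL_RE.search(line)
        if m:
            return tuple(int(g) for g in m.groups())
    return None

def is_affected(version):
    """True if the version falls in a range the advisory lists as affected."""
    padded = version + (0,) * (4 - len(version))
    if padded[:2] == (10, 0):
        return padded <= LAST_AFFECTED_10_0
    return padded[:3] <= LAST_AFFECTED_9_0

def audit(outputs):
    """Map component name -> (version, status) for each captured output."""
    report = {}
    for name, text in outputs.items():
        v = parse_version(text)
        status = "unknown" if v is None else (
            "affected" if is_affected(v) else "outside affected range")
        report[name] = (v, status)
    return report

def incomplete_update(report):
    """True if any component is still affected or could not be identified."""
    return any(s != "outside affected range" for _, s in report.values())

# Outputs as quoted in comment 8.
COMMENT_8 = {
    "standalone player": "WARNING: environment variable G_FILENAME_ENCODING "
                         "set and it is not UTF-8\n10,0,45,2\n",
    "browser plugin": "Shockwave Flash 10.1 R53",
}
REPORT = audit(COMMENT_8)
```

Checking every shipped binary separately matters here because one package carried two components that were updated independently.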
Comment 9 Marcus Meissner 2010-06-11 16:00:02 UTC
so standalone player still not updated.


however i released the updates now (except moblin)
Comment 10 Swamp Workflow Management 2010-06-11 23:10:18 UTC
Update released for: flash-player
Products:
SLE-DESKTOP 11 (i386, x86_64)
Comment 11 Swamp Workflow Management 2010-06-11 23:14:54 UTC
Update released for: flash-player
Products:
SLE-DESKTOP 11-SP1 (i386, x86_64)
Comment 12 Swamp Workflow Management 2010-06-11 23:15:13 UTC
Update released for: flash-player
Products:
SLE-DESKTOP 10-SP3 (i386, x86_64)
Comment 13 Marcus Meissner 2010-06-14 12:06:34 UTC
close, just moblin not yet released.
Comment 14 Bernhard Wiedemann 2016-04-15 11:50:37 UTC
This is an autogenerated message for OBS integration:
This bug (612063) was mentioned in
https://build.opensuse.org/request/show/41338 Factory:NonFree / flash-player
https://build.opensuse.org/request/show/41339 11.2:Test / flash-player