ISS X-Force Database: flashplayer-swf-httpreferer-csrf(35338): Adobe Flash Player SWF HTTP Referer cross-site request forgery

Adobe Flash Player SWF HTTP Referer cross-site request forgery

flashplayer-swf-httpreferer-csrf (35338)

Medium Risk

Description:

Adobe Macromedia Flash Player is vulnerable to cross-site request forgery, caused by a vulnerability when handling HTTP Referers. By persuading a victim to view a specially-crafted SWF file, a remote attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

Platforms Affected:

Adobe, Flash Player 9
Adobe, Flash Player 9.0.124.0
Adobe, Flash Player 9.0.16
Adobe, Flash Player 9.0.18d60
Adobe, Flash Player 9.0.20
Adobe, Flash Player 9.0.20.0
Adobe, Flash Player 9.0.28
Adobe, Flash Player 9.0.28.0
Adobe, Flash Player 9.0.31
Adobe, Flash Player 9.0.31.0
Adobe, Flash Player 9.0.45.0
Gentoo, Linux
Novell, Linux Desktop 9
Novell, OpenSUSE 10.2
Novell, SUSE Linux Enterprise Desktop 10 SP1
Novell, UnitedLinux 1.0
Sun, Solaris 10 SPARC
Sun, Solaris 10 x86
SuSE, Linux Enterprise Server 8
SuSE, SuSE Linux 9.0
SuSE, SuSE Linux Retail Solution 8
Turbolinux, Turbolinux FUJI
Turbolinux, Turbolinux wizpy

Remedy:

Refer to APSB07-12 for patch, upgrade, or suggested workaround information. See References.

For Turbo Linux (flash-player):
Refer to TLSA-2007-36 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (Flash Player):
Refer to GLSA 200708-01 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

Consequences:

Bypass Security

References:

APSB07-12, Flash Player update available to address security vulnerabilities at http://www.adobe.com/support/security/bulletins/apsb07-12.html.
Sun Alert ID: 103167, Security Vulnerabilities in Adobe Flash Player May Allow Unauthorized System Access or Generation of HTTP Requests at http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1.
ASA-2007-530: Security Vulnerabilities in Adobe Flash Player May Allow Unauthorized System Access or Generation of HTTP Requests (Sun 103167)
CVE-2007-3457: Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file.
GLSA-200708-01: Macromedia Flash Player: Remote arbitrary code execution
OSVDB ID: 38049: Adobe Flash Player HTTP Referer Header CSRF
SA26027: Adobe Flash Player Multiple Vulnerabilities
SECTRACK ID: 1018359: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code or Conduct Cross-Site Request Forgery Attacks
SUSE-SA:2007:046: flash-player security problems

Reported:

Jul 10, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page