Adobe Flash Pwn2Own details released by ZDI...

Summary:... and unfortunately leaves much to be desired.  I think many people were hoping for the disclosure from ZDI to contain a lot of details on what could've been exploited with this issue, unfortunately, the details just aren't really there.

... and unfortunately leaves much to be desired.  I think many people were hoping for the disclosure from ZDI to contain a lot of details on what could've been exploited with this issue, unfortunately, the details just aren't really there.  In fact, after reading it, I think I have more questions then I do answers. 

We now know the vulnerable function, and we also know approximately what an attacker might do to try to exploit the issue, so any vulnerability researchers out there that want to take a crack at creating a proof of concept have at least a starting point, but the advisory really left a lot up to the reader's imagination.

There is no mention from ZDI about if this vulnerability in Adobe Flash would be exploitable on *Nix or Mac, despite the previous details clearly indicating it was a cross-platform flaw.  The ZDI Advisory is noted below:

ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-08-021 April 8, 2008

-- CVE ID: CVE-2007-6019

-- Affected Vendors: Adobe

-- Affected Products: Adobe Flash Player

-- Vulnerability Details: This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Flash Player. User interaction is required in that a user must visit a malicious web site.

The specific flaw exists when the Flash player attempts to access embedded Actionscript objects that have not been properly instantiated.

In order for exploitation to occur, an attacker would have to modify a DeclareFunction2 Actionscript tag within an SWF file. Exploitation of this vulnerability can result in arbitrary code execution under the context of the currently logged in user.

-- Vendor Response: Adobe has issued an update to correct this vulnerability. More details can be found at:

http://www.adobe.com/support/security/bulletins/apsb08-11.html

-- Disclosure Timeline: 2008-02-07 - Vulnerability reported to vendor 2008-04-08 - Coordinated public release of advisory

-- Credit: This vulnerability was discovered by:    * Javier Vicente Vallejo    * Shane Macaulay CanSecWest 2007 PWN2OWN Winner

-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com

-Nate

Topics: Security, Enterprise Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.