Juniper Networks

Signature Detail

Short Name: HTTP:STC:SWF:DEFSCENE-OF

Severity: High

Recommended: No

Recommended Action: Drop

Category: HTTP

Keywords: Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Overflow

Release Date: 2008/05/29

Update Number: 1213

Supported Platforms: idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Overflow


This signature detects attempts to exploit a known vulnerability in the Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData parameter. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.

Extended Description

Adobe Flash Player is prone to a remote buffer-overflow vulnerability when handling multimedia files with certain tags. An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Flash Player 9.0.115.0 and earlier versions are affected. NOTE: This issue has been fixed in all versions of Adobe Flash Player 9.0.124.0. Initial investigations suggested that the vulnerability had not been patched in the standalone Adobe Flash Player version 9.0.124.0 for Linux and the standalone Adobe Flash Player version 9.0.124.0 with debug capabilities for Microsoft Windows. The observed behavior that led to this initial conclusion has since been confirmed by Adobe as intended by design.

Affected Products

  • Adobe AIR 1.0
  • Adobe Flash Basic 8
  • Adobe Flash CS3 Professional
  • Adobe Flash Player 8.0.34.0
  • Adobe Flash Player 8.0.35.0
  • Adobe Flash Player 9
  • Adobe Flash Player 9.0.115.0
  • Adobe Flash Player 9.0.28.0
  • Adobe Flash Player 9.0.31.0
  • Adobe Flash Player 9.0.45.0
  • Adobe Flash Player 9.0.47.0
  • Adobe Flash Player 9.0.48.0
  • Adobe Flash Player Plugin 8.0.0
  • Adobe Flash Player Plugin 9.0.16
  • Adobe Flash Player Plugin 9.0.18d60
  • Adobe Flash Player Plugin 9.0.20.0
  • Adobe Flash Player Plugin 9.0.28.0
  • Adobe Flash Player Plugin 9.0.31.0
  • Adobe Flash Professional 8
  • Adobe Flex 3.0
  • Apple Mac OS X 10.4.11
  • Apple Mac OS X 10.5
  • Apple Mac OS X 10.5.1
  • Apple Mac OS X 10.5.2
  • Apple Mac OS X Server 10.4.11
  • Apple Mac OS X Server 10.5
  • Apple Mac OS X Server 10.5.1
  • Apple Mac OS X Server 10.5.2
  • Gentoo Linux
  • Nortel Networks Self-Service
  • Nortel Networks Self-Service - CCSS7
  • Nortel Networks Self-Service Media Processing Server
  • Nortel Networks Self-Service MPS 1000
  • Nortel Networks Self-Service Peri Application
  • Nortel Networks Self-Service Peri Workstation
  • Red Hat Enterprise Linux Desktop Supplementary 5 Client
  • Red Hat Enterprise Linux Extras 3
  • Red Hat Enterprise Linux Extras 4
  • Red Hat Enterprise Linux Supplementary 5 Server
  • Sun OpenSolaris Build Snv 88
  • Sun Solaris 10 Sparc
  • Sun Solaris 10 X86
  • SuSE Linux 10.1 Ppc
  • SuSE Linux 10.1 X86
  • SuSE Linux 10.1 X86-64
  • SuSE Novell Linux Desktop 9.0.0
  • SuSE openSUSE 10.2
  • SuSE openSUSE 10.3
  • SuSE SUSE Linux Enterprise Desktop 10 SP1
  • Turbolinux FUJI
  • Turbolinux wizpy

References

  • BugTraq: 28695
  • CVE: CVE-2007-0071
  • URL: http://www.iss.net/threats/289.html

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.