Note: This is an archival copy of Security Sun Alert 201506 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001124.1.
Article ID : 1001124.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-12-10
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerabilities in Adobe Flash Player May Allow Unauthorized System Access or Generation of HTTP Requests

Category
Security

Release Phase
Resolved

Product
Solaris 10 Operating System

Bug Id
6555685

Date of Resolved Release
11-DEC-2007

Impact

Three security vulnerabilities in the Adobe Flash Player product shipped with Solaris 10 may allow remote users who create applications that are viewed with the Flash Player to perform unauthorized actions on the host. These actions may include executing arbitrary code with the privileges of the user running the Flash Player, generation of unauthorized HTTP requests from the affected host, or, depending on the browser that is used with the Flash player, unauthorized access to information entered into the affected host via the logging of keystrokes.

These issues are described in the following documents:

  APSB07-12 at http://www.adobe.com/support/security/bulletins/apsb07-12.html

  CVE-2007-3456 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456

  CVE-2007-3457 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3457

  CVE-2007-2022 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022

  CERT Technical Cyber Security Alert TA07-192A at http://www.us-cert.gov/cas/techalerts/TA07-192A.html


Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Solaris 10 without patch 125332-02

x86 Platform

  • Solaris 10 without patch 125333-02

Notes:

  1. These issues can occur in Adobe Flash Player 7.x for Solaris.
  2. Solaris 8 and Solaris 9 are not affected by this issue.

The Adobe Flash Player shipped with Solaris is a Web Browser plugin, meaning that the Web Browser should be used to determine the version of the Flash Player in use. For example, when using the Mozilla Browser, visit the following URL:

about:plugins

and search for the Flash Player in the list of plugins.


Symptoms

There are no predictable symptoms that would indicate the described issues have been exploited.


Workaround

There is no workaround for this issue. Please see the Resolution section below.


Resolution

These issues are addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 125332-02 or later

x86 Platform

  • Solaris 10 with patch 125333-02 or later

Note: The above listed patches will upgrade the Flash Player to version 9.0 r47.

For more information on Security Sun Alerts, see Sun 1009886.1.



References

125332-02
125333-02




Attachments
This solution has no attachment