HTTP: Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Overflow
This signature detects attempts to exploit a known vulnerability in the Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData parameter. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.
Extended Description
Adobe Flash Player is prone to a remote buffer-overflow vulnerability when handling multimedia files with certain tags. An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Flash Player 9.0.115.0 and earlier versions are affected. NOTE: This issue has been fixed in all versions of Adobe Flash Player 9.0.124.0. Initial investigations suggested that the vulnerability had not been patched in the standalone Adobe Flash Player version 9.0.124.0 for Linux and the standalone Adobe Flash Player version 9.0.124.0 with debug capabilities for Microsoft Windows. The observed behavior that led to this initial conclusion has since been confirmed by Adobe as intended by design.
Affected Products
Nortel_networks self-service_media_processing_server,Adobe flash_player_plugin
Short Name
HTTP:STC:SWF:DEFSCENE-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Adobe CVE-2007-0071 DefineSceneAndFrameLabelData File Flash Multimedia Overflow Player bid:28695
Release Date
05/29/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Red_hat
Adobe
Apple
Gentoo
Sun
Turbolinux
Nortel_networks
Suse
CVSS Score
9.3