Intrusion Prevention

Adobe.Flash.Player.File.Handling.Code.Execution

Description

This indicates an attack attempt to exploit a remote code-execution vulnerability in Adobe Flash Player.
The vulnerability is caused by an error when the vulnerable software handles
a malicious long string or XML variable type. It can be exploited via a crafted SWF or FLV file, leading to remote code execution.

Affected Products

S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. SUSE Linux Enterprise Server 10 SP1
S.u.S.E. openSUSE 10.2
S.u.S.E. Novell Linux Desktop 9
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Enterprise Server 8
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
S.u.S.E. Linux 10.0 x86-64
S.u.S.E. Linux 10.0 x86
S.u.S.E. Linux 10.0 ppc
RedHat Enterprise Linux Supplementary v.5 server
RedHat Enterprise Linux Extras v.4
RedHat Enterprise Linux Extras v.3
RedHat Enterprise Linux Desktop Supplementary v.5 client
Nintendo Nintendo Wii 0
Macromedia Flash 8.0.24 .0
Macromedia Flash 8.0.22 .0
Macromedia Flash 7.0.63 .0
Macromedia Flash 7.0.61 .0
Macromedia Flash 7.0.60 .0
Macromedia Flash 7.0.25 .0
Macromedia Flash 7.0.19 .0
Macromedia Flash 7.0 r19
Macromedia Flash 8.0.33.0
Macromedia Flash 8.0
Macromedia Flash 7.0.68.0
Macromedia Flash 7.0.66.0
Foresight Linux Foresight Linux 1.1
Adobe Flash Player Plugin 9.0.31 .0
Adobe Flash Player Plugin 9.0.28 .0
Adobe Flash Player Plugin 9.0.20 .0
Adobe Flash Player Plugin 9.0.16
Adobe Flash Player Plugin 8.0
Adobe Flash Player Plugin 7.0.63
Adobe Flash Player Plugin 7.0.25
Adobe Flash Player Plugin 9.0.18d60
Adobe Flash Player 9.0.45.0
Adobe Flash Player 9.0.31.0
Adobe Flash Player 9.0.28.0
Adobe Flash Player 8.0.34.0
Adobe Flash Player 7.0.69.0

Impact

System Comprise: Remote attackers can gain control of the vulnerable system.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.adobe.com/support/security/bulletins/apsb07-12.html

CVE References

CVE-2007-3456