Adobe Flash Player Integer Overflow Vulnerability (July 26, 2013)
Adobe Flash is a multimedia platform that allows executing rich internet applications. Adobe Flash Player can also stream audio and video while functioning either from Web Browser or as a Standalone Application. It supports various data and multimedia formats like XML, JSON, SWF, MP3, FLV, GIF, etc. along with streaming protocols like HTTP, RTMP, etc.
SWF file format is a binary format that adheres to an Adobe Flash Specification. The SWF file starts with a Header that contains bytes to distinguish the SWF file format from others. This is followed by a number of tags and their respective tag related data. An SWF file may also contain ActionScript code which is executed by ActionScript Virtual Machine. A developer can embed object-oriented ActionScript code in an SWF file which gets compiled into an ActionScript Byte Code. ActionScript provides a functionality to handle PCM which is a method used to digitally represent sampled analog data. An integer overflow can get triggered while re-sampling a user provided PCM buffer. Remote attackers can exploit this vulnerability in order to take control of the affected system. The vulnerability has been assigned a CVE-2013-3347. Dell SonicWALL has researched the vulnerability and released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. Following are signature details:- 9991 “Adobe Flash Player Integer Overflow”
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
