
Critical Adobe Flash Media Server Denial of Service Vulnerability (APSB10-27)


(APSB10-27, CVE-2010-3634)

Summary


A critical denial of service vulnerability has been reported in Adobe Flash Media Server. A remote attacker could exploit this issue to cause a denial of service condition by crashing the vulnerable application.

Details

The Adobe Flash Media Server is a multimedia and application server that streams Shockwave Flash (SWF) content to clients.

The vulnerability is due to an error in an Adobe Flash Media Server edge process that fails to properly parse malformed SWF files. A remote attacker might exploit this issue by convincing a victim to open a specially crafted SWF file. Successful exploitation of this vulnerability could crash the vulnerable application.

Affected Products

This issue exists in the following versions of Flash Media Server for Windows and Linux:

  • 4.0 and earlier
  • 3.5.4 and earlier
  • 3.0.6 and earlier

Solution


Adobe has released updated versions of Flash Media Server that fix this vulnerability. Check Point IPS Software Blade provides immediate network protection for unpatched systems in the latest IPS Update by detecting and blocking malformed SWF files. For more information, see CPAI-2010-318.

 

Originally Published:

Last Updated: 25-Nov-2010
