iPolicy Networks Security Advisory
 

Adobe Flash Media Server Directory Traversal Vulnerability

Date Discovered: 12/21/2009
Severity: High
Application Affected: Adobe FMS 3.5.2 and earlier
Type: Remote
Identifiers: CVE-2009-3792
Synopsis

Adobe Flash Media Server (FMS) is prone to a directory traversal vulnerability, which could be exploited to load arbitrary DLL files and execute arbitrary code on the affected system.
Recommended Actions
Apply the vendor's patches as described at:
http://www.adobe.com/support/security/bulletins/apsb09-18.html
Threat Analysis

Flash Media Server is the industry-leading solution for streaming video and real-time communication from Adobe Systems. A directory traversal vulnerability exists in Adobe FMS 3.5.2 and earlier versions.

The flaw exists due to an unspecified error in the FMS. An attacker may exploit this vulnerability by sending specially crafted data to upload arbitrary DLL files on the server, and possibly execute malicious code or launch further attacks on the target system.
References

http://www.securityfocus.com/bid/37420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3792
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3792

Write-up by: Dheeraj Johri
