Bugtraq mailing list archives
[CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability
From: Code Audit Labs <vulnhunt () gmail com>
Date: Wed, 15 Feb 2012 08:59:35 +0800
[CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability
Discover: instruder of code audit labs of vulnhunt.com CAL: CAL-2011-0055 CVE: CVE-2012-0759 http://blog.vulnhunt.com/index.php/2012/02/15/cal-2011-0055_adobe-shockwave-player-parsing-block_cout-memory-corruption-vulnerability/ adobe security bulletins http://www.adobe.com/support/security/bulletins/apsb12-02.html 1 Affected Products ================= Test Version: Adobe Shockeave Player 11.6.3.633 Adobe Shockwave Player 11.6.1.629 and prior 2 Vulnerability Details ===================== When adobe shockwave player parsing the field of KEY_ATOM of Director File, it don't have proper check,this will lead the key atom pointer overwrite.Successfully exploited this vulnerability will lead to arbitrary code execution.
3 Exploitable? ============ This vulnerability will lead the key atom pointer overwriteSuccessfully exploited this vulnerability will lead to arbitrary code execution.
4 About Code Audit Labs: ===================== Code Audit Labs secure your software,provide Professional include source code audit and binary code audit service. Code Audit Labs:" You create value for customer,We protect your value" http://www.VulnHunt.com http://blog.vulnhunt.com http://t.qq.com/vulnhunt http://weibo.com/vulnhunt
Current thread:
- [CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability Code Audit Labs (Feb 15)