Adobe Flash Player 11.5.502.135 memory corruption

2012-12-17 / 2013-01-05
Credit: coolkaveh
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Title : Adobe Flash Player 11,5,502,135 memory corruption
Version : 11,5,502,135
Date : 2012-12-17
Vendor : http://www.adobe.com/
Impact : High
Contact : coolkaveh [at] rocketmail.com
Twitter : @coolkaveh
Tested : Internet Explorer 8 Windows 7
Author : coolkaveh
###############################################
Bug :
The vulnerability causes memory corruption via a specially crafted FLV file.
Successful exploits can allow attackers to execute arbitrary code.
###############################################
(900.c80): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=02fefd38 ecx=00000000 edx=ffffffff esi=03230000 edi=02fefd3c
eip=01953095 esp=02fefc2c ebp=02fefd48 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00200246
Flash32_11_5_502_135!DllUnregisterServer+0x22d8bf:
01953095 0fbf1456 movsx edx,word ptr [esi+edx*2] ds:0023:0322fffe=????

Exception Faulting Address: 0x322fffe
Second Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Faulting Instruction:01953095 movsx edx,word ptr [esi+edx*2]

Basic Block:
    01953095 movsx edx,word ptr [esi+edx*2]
       Tainted Input Operands: edx, esi
    01953099 inc eax
    0195309a cmp dword ptr [ebp-0ch],1
    0195309e mov dword ptr [ebp+ecx*4-110h],edx
       Tainted Input Operands: edx
    019530a5 mov dword ptr [ebp+8],eax
    019530a8 jne flash32_11_5_502_135!dllunregisterserver+0x22d887 (0195305d)

Exception Hash (Major/Minor): 0x1e0f6a3f.0x1e0f6a1c

Stack Trace:
Flash32_11_5_502_135!DllUnregisterServer+0x22d8bf
Flash32_11_5_502_135!DllUnregisterServer+0x22c4e7
Flash32_11_5_502_135!DllUnregisterServer+0x22c8e7
Flash32_11_5_502_135!DllUnregisterServer+0x22ceca
Flash32_11_5_502_135+0x19f324
Flash32_11_5_502_135+0x19f36a
Flash32_11_5_502_135+0x19fd15
Flash32_11_5_502_135!DllUnregisterServer+0x48ff3
Flash32_11_5_502_135!DllUnregisterServer+0x49072
Instruction Address: 0x0000000001953095
###############################################
Proof of concept included.
http://www48.zippyshare.com/v/64875465/file.html
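
Added triage example (not part of the original advisory): a short Python check that recomputes the faulting address from the register dump above, confirming that the tainted index in edx is -1 and that the 16-bit read lands two bytes below the page-aligned base in esi. The function names are hypothetical; the sample input is copied from the dump.

```python
import re

# Sample input: register lines and faulting instruction taken from the crash dump above.
DUMP = """\
eax=00000000 ebx=02fefd38 ecx=00000000 edx=ffffffff esi=03230000 edi=02fefd3c
eip=01953095 esp=02fefc2c ebp=02fefd48 iopl=0 nv up ei pl zr na pe nc
01953095 0fbf1456 movsx edx,word ptr [esi+edx*2] ds:0023:0322fffe=????
"""

MASK32 = 0xFFFFFFFF
PAGE = 0x1000  # x86 page size


def parse_registers(text):
    """Collect 32-bit register values from a WinDbg 'r' style dump."""
    return {r: int(v, 16) for r, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", text)}


def parse_operand(text):
    """Find the [base+index*scale] operand and the address the debugger printed."""
    m = re.search(r"\[(e\w\w)\+(e\w\w)\*(\d)\]\s+ds:[0-9a-f]{4}:([0-9a-f]{8})=", text)
    if not m:
        raise ValueError("no scaled-index memory operand found")
    base, index, scale, reported = m.groups()
    return base, index, int(scale), int(reported, 16)


def to_signed32(value):
    """Interpret a 32-bit value as a two's-complement signed integer."""
    return value - (1 << 32) if value & 0x80000000 else value


def triage(text):
    regs = parse_registers(text)
    base, index, scale, reported = parse_operand(text)
    # Effective address wraps at 32 bits, exactly as the CPU computes it.
    ea = (regs[base] + regs[index] * scale) & MASK32
    return {
        "effective_address": ea,
        "matches_debugger": ea == reported,
        "signed_index": to_signed32(regs[index]),
        "offset_from_base": to_signed32((ea - regs[base]) & MASK32),
        "base_page_aligned": regs[base] % PAGE == 0,
        "reads_previous_page": ea // PAGE < regs[base] // PAGE,
    }


if __name__ == "__main__":
    for key, value in triage(DUMP).items():
        print(f"{key}: {hex(value) if key == 'effective_address' else value}")
```
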

References:

http://www48.zippyshare.com/v/64875465/file.html
http://seclists.org/fulldisclosure/2013/Jan/16
http://cxsecurity.com/cveshow/CVE-2012-5676
http://cxsecurity.com/cveshow/CVE-2012-5677
http://cxsecurity.com/cveshow/CVE-2012-5678

