[CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite

2010-05-12T00:00:00
ID SECURITYVULNS:DOC:23831
Type securityvulns
Reporter Securityvulns
Modified 2010-05-12T00:00:00

Description

[CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite

Affected Products

11.5.2.602 ,11.5.6.606 and prior

CVE ID: CVE-2010-1280 CAL ID: CAL-20100204-3

Vulnerability Details

Code Audit Labs http://www.vulnhunt.com has discovered a vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site.

The specific flaw exists when the Shockwave player attempts to load a specially crafted Adobe Director File. When a malicious value is used during a memory dereference a possible 4-byte memory overwrite may occur. Exploitation can lead to remote system compromise under the credentials of the currently logged in user.

REF: http://www.adobe.com/support/security/bulletins/apsb10-12.html

Disclosure Timeline

2010-2-6 report to vendor 2010-2-7 vendor ask poc file 2010-2-7 we sent the poc file. 2010-2-8 vendor comfirm the issue. 2010-5-11 Coordinated public release of advisory.

About Code Audit Labs:

Code Audit Labs is department of VulnHunt company which provide a professional security testing products / services / security consulting and training ,we sincerely hope we can help your procudes to improve code quality and safety. WebSite http://www.VulnHunt.com ( online soon)