VUPEN Security Research - Adobe Shockwave DIRAPI LCTX Chunck Memory Corruption Vulnerability (APSB11-01)

2011-02-14T00:00:00

Description

VUPEN Security Research - Adobe Shockwave DIRAPI Lctx Chunck Memory Corruption Vulnerability (APSB11-01) http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. These people now have access to some of the best the Web has to offer including dazzling 3D games and entertainment, interactive product demonstrations, and online learning applications. Shockwave Player displays Web content that has been created by Adobe Director." from Adobe.com II. DESCRIPTION --------------------- VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Shockwave. The vulnerability is caused by a memory corruption error in the "DIRAPI.dll" module when processing the "LCTX" chunk within a Director File, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a malicious web page. CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) III. AFFECTED PRODUCTS --------------------------- Adobe Shockwave Player version 11.5.9.615 and prior IV. Binary Analysis & Exploits/PoCs --------------------------------------- In-depth binary analysis of the vulnerability and a code execution exploit are available through the VUPEN Binary Analysis & Exploits Service : http://www.vupen.com/english/services/ba-index.php V. VUPEN Threat Protection Program ----------------------------------- To proactively protect critical networks and infrastructures against unpatched vulnerabilities and reduce risks related to zero-day attacks, VUPEN shares its vulnerability research with governments and organizations members of the VUPEN Threat Protection Program (TPP). VUPEN TPP customers receive fully detailed and technical reports about security vulnerabilities discovered by VUPEN and in advance of their public disclosure. VUPEN TPP customers have been protected against this vulnerability 9 months before the release of the Adobe patch. http://www.vupen.com/english/services/tpp-index.php VI. SOLUTION ---------------- Upgrade to Adobe Shockwave Player version 11.5.9.620. VII. CREDIT -------------- This vulnerability was discovered by Chaouki Bekrar of VUPEN Security VIII. ABOUT VUPEN Security --------------------------- VUPEN is a leading IT security research company providing vulnerability management and security intelligence solutions which enable enterprises and institutions to eliminate vulnerabilities before they can be exploited, ensure security policy compliance and meaningfully measure and manage risks. Governmental and federal agencies, and global enterprises in the financial services, insurance, manufacturing and technology industries rely on VUPEN to improve their security, prioritize resources, cut time and costs, and stay ahead of the latest threats. * VUPEN Vulnerability Notification Service (VNS) : http://www.vupen.com/english/services/vns-index.php * VUPEN Binary Analysis & Exploits Service (BAE) : http://www.vupen.com/english/services/ba-index.php * VUPEN Threat Protection Program for Govs (TPP) : http://www.vupen.com/english/services/tpp-index.php * VUPEN Web Application Security Scanner (WASS) : http://www.vupen.com/english/services/wass-index.php IX. REFERENCES ---------------------- http://www.vupen.com/english/research-vuln.php http://www.vupen.com/english/advisories/2011/0335 http://www.adobe.com/support/security/bulletins/apsb11-01.html X. DISCLOSURE TIMELINE ----------------------------- 2010-05-15 - Vulnerability Discovered by VUPEN 2010-05-17 - VUPEN TPP customers informed 2010-xx-xx - Vulnerability rediscovered by third parties 2011-02-08 - Adobe security update released

{"id": "SECURITYVULNS:DOC:25700", "bulletinFamily": "software", "title": "VUPEN Security Research - Adobe Shockwave DIRAPI LCTX Chunck Memory Corruption Vulnerability (APSB11-01)", "description": "VUPEN Security Research - Adobe Shockwave DIRAPI Lctx Chunck Memory \r\nCorruption Vulnerability (APSB11-01)\r\n\r\nhttp://www.vupen.com/english/research.php\r\n\r\n\r\nI. BACKGROUND\r\n---------------------\r\n\r\n"Over 450 million Internet-enabled desktops have installed Adobe Shockwave\r\nPlayer. These people now have access to some of the best the Web has to \r\noffer\r\nincluding dazzling 3D games and entertainment, interactive product\r\ndemonstrations, and online learning applications. Shockwave Player displays\r\nWeb content that has been created by Adobe Director." from Adobe.com\r\n\r\n\r\nII. DESCRIPTION\r\n---------------------\r\n\r\nVUPEN Vulnerability Research Team discovered a critical vulnerability\r\nin Adobe Shockwave.\r\n\r\nThe vulnerability is caused by a memory corruption error in the "DIRAPI.dll"\r\nmodule when processing the "LCTX" chunk within a Director File, which could\r\nbe exploited by remote attackers to execute arbitrary code by tricking a\r\nuser into visiting a malicious web page.\r\n\r\nCVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\r\n\r\n\r\nIII. AFFECTED PRODUCTS\r\n---------------------------\r\n\r\nAdobe Shockwave Player version 11.5.9.615 and prior\r\n\r\n\r\nIV. Binary Analysis & Exploits/PoCs\r\n---------------------------------------\r\n\r\nIn-depth binary analysis of the vulnerability and a code execution exploit\r\nare available through the VUPEN Binary Analysis & Exploits Service :\r\n\r\nhttp://www.vupen.com/english/services/ba-index.php\r\n\r\n\r\nV. VUPEN Threat Protection Program\r\n-----------------------------------\r\n\r\nTo proactively protect critical networks and infrastructures against \r\nunpatched\r\nvulnerabilities and reduce risks related to zero-day attacks, VUPEN shares \r\nits\r\nvulnerability research with governments and organizations members of the \r\nVUPEN\r\nThreat Protection Program (TPP).\r\n\r\nVUPEN TPP customers receive fully detailed and technical reports about \r\nsecurity\r\nvulnerabilities discovered by VUPEN and in advance of their public \r\ndisclosure.\r\n\r\nVUPEN TPP customers have been protected against this vulnerability 9 months\r\nbefore the release of the Adobe patch.\r\n\r\nhttp://www.vupen.com/english/services/tpp-index.php\r\n\r\n\r\nVI. SOLUTION\r\n----------------\r\n\r\nUpgrade to Adobe Shockwave Player version 11.5.9.620.\r\n\r\n\r\nVII. CREDIT\r\n--------------\r\n\r\nThis vulnerability was discovered by Chaouki Bekrar of VUPEN Security\r\n\r\n\r\nVIII. ABOUT VUPEN Security\r\n---------------------------\r\n\r\nVUPEN is a leading IT security research company providing vulnerability\r\nmanagement and security intelligence solutions which enable enterprises\r\nand institutions to eliminate vulnerabilities before they can be exploited,\r\nensure security policy compliance and meaningfully measure and manage risks.\r\n\r\nGovernmental and federal agencies, and global enterprises in the financial\r\nservices, insurance, manufacturing and technology industries rely on VUPEN\r\nto improve their security, prioritize resources, cut time and costs, and\r\nstay ahead of the latest threats.\r\n\r\n* VUPEN Vulnerability Notification Service (VNS) :\r\nhttp://www.vupen.com/english/services/vns-index.php\r\n\r\n* VUPEN Binary Analysis & Exploits Service (BAE) :\r\nhttp://www.vupen.com/english/services/ba-index.php\r\n\r\n* VUPEN Threat Protection Program for Govs (TPP) :\r\nhttp://www.vupen.com/english/services/tpp-index.php\r\n\r\n* VUPEN Web Application Security Scanner (WASS) :\r\nhttp://www.vupen.com/english/services/wass-index.php\r\n\r\n\r\nIX. REFERENCES\r\n----------------------\r\n\r\nhttp://www.vupen.com/english/research-vuln.php\r\nhttp://www.vupen.com/english/advisories/2011/0335\r\nhttp://www.adobe.com/support/security/bulletins/apsb11-01.html\r\n\r\n\r\nX. DISCLOSURE TIMELINE\r\n-----------------------------\r\n\r\n2010-05-15 - Vulnerability Discovered by VUPEN\r\n2010-05-17 - VUPEN TPP customers informed\r\n2010-xx-xx - Vulnerability rediscovered by third parties\r\n2011-02-08 - Adobe security update released\r\n", "published": "2011-02-14T00:00:00", "modified": "2011-02-14T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25700", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:39", "edition": 1, "viewCount": 16, "enchantments": {"score": {"value": 2.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11417"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11417"]}]}, "exploitation": null, "vulnersScore": 2.0}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645388442}}

VUPEN Security Research - Adobe Shockwave DIRAPI LCTX Chunck Memory Corruption Vulnerability &#40;APSB11-01&#41;

Description

VUPEN Security Research - Adobe Shockwave DIRAPI LCTX Chunck Memory Corruption Vulnerability (APSB11-01)