[CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability

2012-02-16T00:00:00
ID SECURITYVULNS:DOC:27689
Type securityvulns
Reporter Securityvulns
Modified 2012-02-16T00:00:00

Description

[CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability

Discover: instruder of code audit labs of vulnhunt.com CAL: CAL-2011-0055 CVE: CVE-2012-0759

http://blog.vulnhunt.com/index.php/2012/02/15/cal-2011-0055_adobe-shockwave-player-parsing-block_cout-memory-corruption-vulnerability/

adobe security bulletins http://www.adobe.com/support/security/bulletins/apsb12-02.html

1 Affected Products

Test Version: Adobe Shockeave Player 11.6.3.633 Adobe Shockwave Player 11.6.1.629 and prior

2 Vulnerability Details

When adobe shockwave player parsing the field of KEY_ATOM of Director File, it don't have proper check,this will lead the key atom pointer overwrite. Successfully exploited this vulnerability will lead to arbitrary code execution.

3 Exploitable?

This vulnerability will lead the key atom pointer overwrite Successfully exploited this vulnerability will lead to arbitrary code execution.

4 About Code Audit Labs:

Code Audit Labs secure your software,provide Professional include source code audit and binary code audit service. Code Audit Labs:" You create value for customer,We protect your value" http://www.VulnHunt.com http://blog.vulnhunt.com http://t.qq.com/vulnhunt http://weibo.com/vulnhunt