Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Adobe Flash Player 11,5,502,135 memory corruption

🗓️ 17 Dec 2012 00:00:00Reported by coolkavehType 
zdt
 zdt🔗 0day.today👁 18 Views

Adobe Flash Player 11,5,502,135 memory corruption vulnerability in Flv file allows arbitrary code executio

Code
Title    :  Adobe Flash Player 11,5,502,135 memory corruption
Version  :  11,5,502,135
Date     :  2012-12-17
Vendor   :  http://www.adobe.com/
Impact   :  High
Contact  :  coolkaveh [at] rocketmail.com
Twitter  :  @coolkaveh
tested   :  Internet Explorer 8 Windows 7 
Author   :  coolkaveh
###########################################################################################################
Bug :
The vulnerability cause a Memory corruption via a specially
crafted Flv files.
Successful exploits can allow attackers to execute arbitrary code
###########################################################################################################
900.c80): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=02fefd38 ecx=00000000 edx=ffffffff esi=03230000 edi=02fefd3c
eip=01953095 esp=02fefc2c ebp=02fefd48 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00200246
Flash32_11_5_502_135!DllUnregisterServer+0x22d8bf:
01953095 0fbf1456        movsx   edx,word ptr [esi+edx*2] ds:0023:0322fffe=????

Exception Faulting Address: 0x322fffe
Second Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)

Faulting Instruction:01953095 movsx edx,word ptr [esi+edx*2]

Basic Block:

    01953095 movsx edx,word ptr [esi+edx*2]
       Tainted Input Operands: edx, esi
    01953099 inc eax
    0195309a cmp dword ptr [ebp-0ch],1
    0195309e mov dword ptr [ebp+ecx*4-110h],edx
       Tainted Input Operands: edx
    019530a5 mov dword ptr [ebp+8],eax
    019530a8 jne flash32_11_5_502_135!dllunregisterserver+0x22d887 (0195305d)

Exception Hash (Major/Minor): 0x1e0f6a3f.0x1e0f6a1c

Stack Trace:
Flash32_11_5_502_135!DllUnregisterServer+0x22d8bf
Flash32_11_5_502_135!DllUnregisterServer+0x22c4e7
Flash32_11_5_502_135!DllUnregisterServer+0x22c8e7
Flash32_11_5_502_135!DllUnregisterServer+0x22ceca
Flash32_11_5_502_135+0x19f324
Flash32_11_5_502_135+0x19f36a
Flash32_11_5_502_135+0x19fd15
Flash32_11_5_502_135!DllUnregisterServer+0x48ff3
Flash32_11_5_502_135!DllUnregisterServer+0x49072
Instruction Address: 0x0000000001953095

###########################################################################################################
Proof of concept included.

http://www48.zippyshare.com/v/64875465/file.html

#  0day.today [2018-03-14]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Dec 2012 00:00Current
8High risk
Vulners AI Score8
adobe flash player 115502135; memory corruption; vulnerability; flv file; arbitrary code execution; internet explorer 8 windows 7
18