Adobe ShockWave Player 11.5.1.601 ActiveX Buffer Overflow PoC

2009-09-15T00:00:00
ID 1337DAY-ID-7015
Type zdt
Reporter Francis Provencher
Modified 2009-09-15T00:00:00

Description

Exploit for unknown platform in category dos / poc

                                        
                                            =============================================================
Adobe ShockWave Player 11.5.1.601 ActiveX Buffer Overflow PoC
=============================================================

#####################################################################################

Application:  Adobe ShockWave Player (11.5.1.601)
            
Platforms:    Windows XP Professional French SP2 and SP3

crash:	      IE 6.0.2900.2180
	
Exploitation: remote DoS

Date:         2009-08-24

Author:       Francis Provencher (Protek Research Lab's)
             

#####################################################################################

1) Introduction
2) Technical details and bug
3) The Code

#####################################################################################

===============
1) Introduction
===============

Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player.
These people now have access to some of the best the Web has to offer - including dazzling 3D games and entertainment,
interactive product demonstrations, and online learning applications. Shockwave Player displays Web content that has been created by Adobe Director.

#####################################################################################

============================
2) Technical details 
============================

Name:	SwDir.dll
Ver.:	11.5.1.601
CLSID:	{233C1507-6A77-46A4-9443-F871F945D258}


(d40.b20): Stack overflow - code c00000fd 
eax=00305004 ebx=00000003 ecx=00032f80 edx=00400000 esi=09ae0024 edi=00400002
eip=69214965 esp=0012df78 ebp=0012df8c iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00010202



#####################################################################################



#  0day.today [2018-04-09]  #