Adobe Director
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
Adobe Director DIRAPI.DLL Invalid Read Vulnerability
1. *Advisory Information*
Remote exploitation of a memory corruption vulnerability in Adobe
Systems Inc.'s Shockwave Player could allow an attacker to execute
arbitrary code with the privileges of the current user. <BR> <BR> The
vulnerability takes place during the processing of a tSAC chunk within
an Adobe Director file. A length value is read from the tSAC chunk and
a signed comparison is made against the length value. If the length
value is negative, a memory address is incorrectly calculated and a
null byte is written to the memory address. This condition may lead to
arbitrary code execution.
Remote exploitation of a memory corruption vulnerability in Adobe
Systems Inc.'s Shockwave Player could allow an attacker to execute
arbitrary code with the privileges of the current user.
The vulnerability takes place during the processing of a malicious Adobe
Director file. A malicious user could cause a memory corruption by
including malformed data in a chunk. This condition may lead to
arbitrary code execution.
III. ANALYSIS
"Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to
offer
including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director." from Adobe.com
II. DESCRIPTION
---------------------
"Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to
offer
including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director." from Adobe.com
II. DESCRIPTION
---------------------
"Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to
offer
including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director." from Adobe.com
II. DESCRIPTION
---------------------
The vulnerability in advisory CORE-2010-0405 was incorrectly described
as an Invalid read, when it is really a Memory corruption vulnerability.
Updated Title:
Adobe Director DIRAPI.DLL Memory Corruption Vulnerability
Updated URL:
http://www.coresecurity.com/content/adobe-director-memory-corruption
-----BEGIN PGP SIGNATURE-----
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
Adobe Director DIRAPI.DLL Invalid Read Vulnerability
Additional research on this vulnerability was performed by Core Security
Technologies researchers. Updated technical information has been
published at:
"Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to
offer
including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director." from Adobe.com
II. DESCRIPTION ---------------------
VUPEN Vulnerability Research Team discovered four critical vulnerabilities
affecting
"Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to
offer
including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director." from Adobe.com
II. DESCRIPTION
---------------------
"Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to
offer
including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director." from Adobe.com
II. DESCRIPTION
---------------------
"Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to
offer
including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director." from Adobe.com
II. DESCRIPTION
---------------------
allows remote attackers to execute code on vulnerable
installations of Adobe's Shockwave Player. User interaction is required
in that a user must visit a malicious web site.
The specific flaw exists when the Shockwave player attempts to load a
specially crafted Adobe Director File. When a malicious value is used
extern to signed integer . Exploitation can lead to remote system
compromise under the credentials of the currently logged in user.
ref
http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html
Code Audit Labs http://www.vulnhunt.com has discovered a vulnerability
on vulnerable installations of Adobe's Shockwave Player. User
interaction is required in that a user must visit a malicious web site.
The specific flaw exists when the Shockwave player attempts to load a
specially crafted Adobe Director File.
Exploitation can lead to remote system high cpu load ( infinite loop).
ref
http://hi.baidu.com/fs_fx/blog/item/f8de1d18ba8c9b76dbb4bd56.html
http://www.adobe.com/support/security/bulletins/apsb10-12.html
allows remote attackers to execute code on vulnerable
installations of Adobe's Shockwave Player. User interaction is required
in that a user must visit a malicious web site.
The specific flaw exists when the Shockwave player attempts to load a
specially crafted Adobe Director File. When a malicious value is used
during a memory dereference a possible 4-byte memory overwrite may
occur. Exploitation can lead to remote system compromise under the
credentials of the currently logged in user.
|
