Date: Thu, 4 Apr 2013 00:30:06 +0200
From: Jann Horn <jann@...jh.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: DoS vulnerability in Adobe Flash Player (BSOD)
On Thu, Apr 04, 2013 at 01:24:29AM +0300, MustLive wrote:
> Hello list!
>
> I want to warn you about Denial of Service vulnerability (BSOD) in Adobe
> Flash Player. I've found this vulnerability at 27.01.2013.
>
> -------------------------
> Affected products:
> -------------------------
>
> Vulnerable version is Adobe Flash 11.5.502.146. Attack works only on AMD/ATI
> video cards.
>
> Adobe have fixed it at 12.02.2013 in their patch APSB13-05
> (https://www.adobe.com/support/security/bulletins/apsb13-05.html), which
> fixed multiple vulnerabilities in flash player. At that Adobe did it
> hiddenly without mentioning this vulnerability and without referencing
> me. After my informing in the end of January, they were "checking it"
> during 1,5 months and said, that they can't reproduce this vulnerability (at
> that I've reproduced it on multiple computers with ATI video cards), that
> they don't know anything (the hole was accidentally fixed in APSB13-05) and
> this DoS isn't related to them.
Sorry, but how can this be a vuln in *Flash*, a *user-space* component, if it
can be used to cause a BSOD, which, as far as I know, means that something bad
happened *in the Kernel*? Sounds to me as if Flash is not the (or at least not
the only) culprit...