| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 05 Jan 2014 22:24:16 +0000 From: sixtyvividtails <sixtyvividtails@...dex.com> To: submissions@...ketstormsecurity.org, full-disclosure@...ts.grok.org.uk Subject: Re: DoS vulnerability in Adobe Flash Player (BSOD) Do you have any plans to release more details regarding this denial of service vulnerability? BSOD crashdump, may be? On 2013-12-30 19:11, MustLive wrote: > Hello list! > > At beginning of this year I informed you about DoS vulnerability in > Adobe Flash. Look at advisory > (http://seclists.org/fulldisclosure/2013/Apr/9) with exploit and video > demonstration (http://www.youtube.com/watch?v=xi29KZ3LD80) of previous > DoS in Flash. Adobe hiddenly fixed it in the patch APSB13-05 and > answered that "a fix to another hole accidentally fixed this hole". > And here is a new DoS. Which can be new hole or can be related to old > one (if Adobe has resurrected old DoS hole in new versions of Flash). > > This is Denial of Service vulnerability in Adobe Flash, which leaded > to BSOD. Last week I informed Adobe and Mozilla (since attack works > only in Mozilla browsers). > > ------------------------- > Affected products: > ------------------------- > > Attack works only on AMD/ATI video cards. I checked it on multiple > computers with Windows XP, Windows 7 and Ubuntu Linux 13.04. > > Vulnerable Adobe Flash 11.9.900.152 and 11.9.900.170 (the last > version) for Windows and Flash 11.2.202.332 for Linux (the last > version for this OS). On Linux there is 100% CPU consumption and on > Windows (XP and 7) there is crash of the OS. > > ---------- > Details: > ---------- > > Denial of Service (WASC-10): > > This is Denial of Service vulnerability, which leads to crash of > Operating System (tested on Windows XP and 7). As previous DoS hole, > this one also works only with AMD/ATI video cards (and it works on > different OS unlike previous DoS in Flash). Also it works potentially > in any flash media player in Internet - at any web sites, including > YouTube (it doesn't require swf file of VideoJS, as previous hole). > > This is memory corruption (access violation) vulnerability. Which can > be used for BSOD and potentially for remote code execution. > > Here is video, which demonstrates this vulnerability in Flash: > > http://www.youtube.com/watch?v=-YgbPCq-dH0 > > In the video there is web site with JW Player (but freezing and/or > crashing of the OS happens in any flash video players). > > Attack is going on a browser Firefox (on Windows XP freezing or BSOD > can be from the first or not from the first time, 100% CPU consumption > on Linux works all the time). In Mozilla Firefox 3.0.19, 10.0.7 ESR, > 15.0.1 and 26 - freezing of the browser and BSOD of the OS. > > I have disclosed it at my site (http://websecurity.com.ua/6939/). > > Best wishes & regards, > MustLive > Administrator of Websecurity web site > http://websecurity.com.ua > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- sixtyvividtails@...dex.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists