| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4F3B0377.7050400@gmail.com> Date: Wed, 15 Feb 2012 08:59:35 +0800 From: Code Audit Labs <vulnhunt@...il.com> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: [CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability [CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability Discover: instruder of code audit labs of vulnhunt.com CAL: CAL-2011-0055 CVE: CVE-2012-0759 http://blog.vulnhunt.com/index.php/2012/02/15/cal-2011-0055_adobe-shockwave-player-parsing-block_cout-memory-corruption-vulnerability/ adobe security bulletins http://www.adobe.com/support/security/bulletins/apsb12-02.html 1 Affected Products ================= Test Version: Adobe Shockeave Player 11.6.3.633 Adobe Shockwave Player 11.6.1.629 and prior 2 Vulnerability Details ===================== When adobe shockwave player parsing the field of KEY_ATOM of Director File, it don't have proper check,this will lead the key atom pointer overwrite. Successfully exploited this vulnerability will lead to arbitrary code execution. 3 Exploitable? ============ This vulnerability will lead the key atom pointer overwrite Successfully exploited this vulnerability will lead to arbitrary code execution. 4 About Code Audit Labs: ===================== Code Audit Labs secure your software,provide Professional include source code audit and binary code audit service. Code Audit Labs:" You create value for customer,We protect your value" http://www.VulnHunt.com http://blog.vulnhunt.com http://t.qq.com/vulnhunt http://weibo.com/vulnhunt
Powered by blists - more mailing lists