[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <00d001ce30ba$053bd2a0$9b7a6fd5@pc>
Date: Thu, 4 Apr 2013 01:24:29 +0300
From: "MustLive" <mustlive@...security.com.ua>
To: <submissions@...ketstormsecurity.org>, <full-disclosure@...ts.grok.org.uk>,
"1337 Exploit DataBase" <mr.inj3ct0r@...il.com>
Subject: DoS vulnerability in Adobe Flash Player (BSOD)
Hello list!
I want to warn you about Denial of Service vulnerability (BSOD) in Adobe
Flash Player. I've found this vulnerability at 27.01.2013.
-------------------------
Affected products:
-------------------------
Vulnerable version is Adode Flash 11.5.502.146. Attack works only on AMD/ATI
video cards.
Adobe have fixed it at 12.02.2013 in their patch APSB13-05
(https://www.adobe.com/support/security/bulletins/apsb13-05.html), which
fixed multiple vulnerabilities in flash player. At that Adobe did it
hiddenly without mentioned about this vulnerability and without referencing
on me. After my informing in the end of January, they was "checking it"
during 1,5 months and said, that they can't reproduce this vulnerability (at
that I've reproduced it on multiple computers with ATI video cards), that
they don't know anything (the hole was accidentally fixed in APSB13-05) and
this DoS doesn't related to them.
----------
Details:
----------
Denial of Service (WASC-10):
This is Denial of Service vulnerability, which leads to crash of Operating
System (tested on Windows XP and 7).
Here is video, which demonstrates this vulnerability in Flash:
http://www.youtube.com/watch?v=xi29KZ3LD80
This is memory corruption (access violation) vulnerability. Which can be
used for BSOD and potentially for remote code execution.
For attack the flash-file is used VideoJS Flash Component from Zencoder.
I've informed developers of this video player already in beginning of
February.
Attack works in browsers Firefox and Opera (at that BSOD works only in
Firefox):
In Mozilla Firefox 15.0.1 and 18.0.1 - freezing of the browser (which can't
be closed) and BSOD of the system.
In Mozilla Firefox 3.0.19 and 10.0.7 ESR - no problems (all is working
normally).
In Opera 10.62 - freezing of the browser (which can be closed).
PoC/Exploit:
http://websecurity.com.ua/uploads/2013/Adobe%20Flash%20DoS%20BSOD.rar
To start the exploit it's needed to placed it on web server (e.g. on
localhost), put any mp4-file under name poc.mp4 near poc.htm and start
htm-file (at web server). And then click on speaker image or on area of
video player.
------------
Timeline:
------------
2013.01.27 - found vulnerability.
2013.01.28 - recorded video PoC. And in the night have informed developers.
2013.02.01 - again informed developers, because they didn't answer. After
that Adobe answered on the first letter.
2013.02.08 - informed developers of VideoJS.
2013.02.12 - Adobe fixed vulnerability and released patch, but still
investigating.
2013.02-03 - during February-March, while Adobe was investigating this
vulnerability, I've sent them information about different tested computers
where hole was working (on ATI cards) and was not working (on nVidia cards).
And sent them all information they needed.
2013.03.02 - announced at my site.
2013.03.13 - Adobe finished investigation.
2013.04.03 - disclosed at my site (http://websecurity.com.ua/6364/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists