Информационная безопасность
[RU] switch to English

Дополнительная информация

  Переполнение буфера в Macromedia Flash (buffer overflow)

  Дырки в Macromedia Flash

  Macromedia Flash Activex Buffer overflow

From:3APA3A <3APA3A_(at)_security.nnov.ru>
Date:29 октября 2002 г.
Subject:Multiple vulnerabilities in Macromedia Flash ActiveX

Author: LOM <lom at lom.spb.ru>
Product: Macromedia Flash ActiveX 6.0 (6,0,47,0)
Vendor: Macromedia was not contacted
Risk: High
Remote: Yes
Exploitable: Yes


Macromedia  flash  ActiveX  plugin  displays  .swf  files under Internet


Few  vulnerabilities  were  identified: protected memory reading, memory
consumption DoS and more serious:
1. zlib 1.1.3 double free() bug
2. Buffer overflow in SWRemote parameter for flash object.


Last  bug is very close to one reported by eEye in May [2]. This kind of
overflows  (heap based Unicode overflow) is definitely exploitable under
Internet  Explorer.  Attached  proof of concept (by LOM)[1] demonstrates
exception  triggered  in  free(). See [3] for exploiting heap overflows,
[4] for exploiting Unicode overflows under Internet Explorer.


Vulnerabilities were discovered by LOM <lom at lom.spb.ru>


1. Macromedia Shockwave proof of concept
2. eEye, Macromedia Flash Activex Buffer overflow
3. w00w00 on Heap Overflows
4. 3APA3A, Details and exploitation of buffer overflow in mshtml.dll (and
  few sidenotes on Unicode overflows in general)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород