Code Audit Labs has discovered a vulnerability on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Shockwave player attempts to load a specially crafted Adobe Director File. Exploitation can lead to remote system high cpu load (infinite loop).
0a144e4f9c1a09ee66a7a07dc51e8d46f392d77a7ee37b73e6d6eb2a5343baff [CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size
infinite loop vulnerability
Affected Products
=================
11.5.2.602 ,11.5.6.606 and prior
CVE ID: CVE-2010-1282
CAL ID: CAL-20100204-1
Vulnerability Details
=====================
Code Audit Labs http://www.vulnhunt.com has discovered a vulnerability
on vulnerable installations of Adobe's Shockwave Player. User
interaction is required in that a user must visit a malicious web site.
The specific flaw exists when the Shockwave player attempts to load a
specially crafted Adobe Director File.
Exploitation can lead to remote system high cpu load ( infinite loop).
ref
http://hi.baidu.com/fs_fx/blog/item/f8de1d18ba8c9b76dbb4bd56.html
http://www.adobe.com/support/security/bulletins/apsb10-12.html
Disclosure Timeline
===================
2010-2-6 report to vendor
2010-2-7 vendor ask poc file
2010-2-7 we sent the poc file.
2010-2-8 vendor comfirm the issue.
2010-5-11 Coordinated public release of advisory.
About Code Audit Labs:
=====================
Code Audit Labs is department of VulnHunt company which provide a
professional security testing products / services / security consulting
and training ,we sincerely hope we can help your procudes to improve code
quality and safety.
WebSite http://www.VulnHunt.com ( online soon)
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed