Adobe Shockwave Player 11.5.6.606 (DIR) Multiple Memory Vulnerabilities

Title: Adobe Shockwave Player 11.5.6.606 (DIR) Multiple Memory Vulnerabilities

Vendor: Adobe Systems Incorporated

Product web page: http://www.adobe.com

Summary: Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player.
These people now have access to some of the best the Web has to offer – including
dazzling 3D games and entertainment, interactive product demonstrations, and online
learning applications. Shockwave Player displays Web content that has been created
by Adobe Director.

Desc: Shockwave Player version 11.5.6.606 and earlier from Adobe suffers from a memory consumption /
corruption and buffer overflow vulnerabilities that can aid the attacker to cause denial of service
scenarios and arbitrary code execution. The vulnerable software fails to sanitize user input when
processing .dir files resulting in a crash and overwrite of a few memory registers.

Tested on: Microsoft Windows XP Professional SP3 (English)

Version tested: 11.5.6.606

(f94.ae4): Access violation – code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=20a0a0a0 ebx=207d004c ecx=00000400 edx=41414140 esi=00000000 edi=a80487d8
eip=68008bd6 esp=0012de4c ebp=00000400 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00050206
*** WARNING: Unable to verify checksum for C:\Program Files\Adobe\Adobe Director 11\DIRAPI.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for DIRAPI.dll –
DIRAPI!Ordinal14+0x3b16:
68008bd6 2b4f04 sub ecx,dword ptr [edi+4] ds:0023:a80487dc=????????

—————————————————————————————————-

EAX FFFFFFFF
ECX 41414141
EDX FFFFFFFF
EBX 00000018
ESP 0012F3B4
EBP 02793578
ESI 0012F3C4
EDI 02793578
EIP 69009F1F IML32.69009F1F

More info:
http://www.zeroscience.mk/mk/vulnerabilities/ZSL-2010-4937.php
http://www.adobe.com/support/security/bulletins/apsb10-12.html

Comment are closed.