Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability

[CAL-20100204-1] Adobe Shockwave Player Director File Parsing ATOM size
infinite loop vulnerability


Affected Products
================
11.5.2.602, 11.5.6.606 and prior

CVE ID: CVE-2010-1282
CAL ID: CAL-20100204-1


Vulnerability Details
====================
Code Audit Labs (http://www.vulnhunt.com) has discovered a vulnerability
in Adobe's Shockwave Player. User interaction is required in that a user
must visit a malicious web site.

The specific flaw exists when the Shockwave Player attempts to load a
specially crafted Adobe Director file.
Exploitation can lead to high CPU load on the remote system (infinite loop).

References:
http://hi.baidu.com/fs_fx/blog/item/f8de1d18ba8c9b76dbb4bd56.html 
http://www.adobe.com/support/security/bulletins/apsb10-12.html 
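
The advisory gives no root cause beyond an atom size field driving the parser into an infinite loop. As an added example (not code from Adobe or Code Audit Labs), the C walker below shows the checks that guarantee forward progress in a size-prefixed container parser; the 8-byte tag-plus-size layout, the names and the sample buffers are assumptions constructed for illustration and are not the real Director format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout, for illustration only (not the real Director format):
 * 4-byte tag, then a 4-byte big-endian size that covers header + payload. */
#define ATOM_HDR 8u
enum { ATOM_TRUNCATED = -1, ATOM_BAD_SIZE = -2, ATOM_TOO_MANY = -3 };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Returns the number of atoms walked, or a negative ATOM_* error. */
long walk_atoms(const uint8_t *buf, size_t len, long max_atoms)
{
    size_t off = 0;
    long count = 0;

    while (off < len) {
        size_t left = len - off;
        if (left < ATOM_HDR)
            return ATOM_TRUNCATED;   /* header itself is cut off */
        uint32_t size = be32(buf + off + 4);
        if (size < ATOM_HDR)
            return ATOM_BAD_SIZE;    /* 0..7: cursor would stall or land inside a header */
        if (size > left)
            return ATOM_TRUNCATED;   /* checked against remaining bytes, so off + size cannot wrap */
        if (count >= max_atoms)
            return ATOM_TOO_MANY;    /* hard ceiling on work per file */
        off += size;                 /* always advances by at least ATOM_HDR */
        count++;
    }
    return count;
}

/* Constructed sample inputs. */
const uint8_t SAMPLE_OK[]   = { 'a','b','c','d', 0,0,0,8,
                                'e','f','g','h', 0,0,0,12, 1,2,3,4 };
const uint8_t SAMPLE_ZERO[] = { 'a','b','c','d', 0,0,0,0, 9,9,9,9 };
const uint8_t SAMPLE_HUGE[] = { 'a','b','c','d', 0xff,0xff,0xff,0xff };

int main(void)
{
    printf("%ld %ld %ld\n", walk_atoms(SAMPLE_OK, sizeof SAMPLE_OK, 64),
           walk_atoms(SAMPLE_ZERO, sizeof SAMPLE_ZERO, 64),
           walk_atoms(SAMPLE_HUGE, sizeof SAMPLE_HUGE, 64));
    return 0;
}
```

The atom ceiling also bounds the work done on a file whose sizes are all valid but minimal.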

Disclosure Timeline
==================
2010-2-6 Reported to vendor.
2010-2-7 Vendor asks for PoC file.
2010-2-7 We sent the PoC file.
2010-2-8 Vendor confirms the issue.
2010-5-11 Coordinated public release of advisory.


About Code Audit Labs:
====================
Code Audit Labs is a department of the VulnHunt company, which provides
professional security testing products, services, security consulting
and training. We sincerely hope we can help improve the code quality
and safety of your products.
Website: http://www.VulnHunt.com (online soon)

