TUCoPS :: Windows Apps :: b1a-1013.htm

Adobe Shockwave Player Director File Parsing integer overflow vulnerability
Adobe Shockwave Player Director File Parsing integer overflow vulnerability
Adobe Shockwave Player Director File Parsing integer overflow vulnerability


[CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer
overflow vulnerability


Affected Products
================11.5.2.602 ,11.5.6.606 and prior

CVE ID: CVE-2010-0129
CAL ID: CAL-20100204-2


Vulnerability Details
====================
Code Audit Labs http://www.vulnhunt.com has discovered a vulnerability 
allows remote attackers to execute code on vulnerable
installations of Adobe's Shockwave Player. User interaction is required
in that a user must visit a malicious web site.

The specific flaw exists when the Shockwave player attempts to load a
specially crafted Adobe Director File. When a malicious value is used
extern to signed integer . Exploitation can lead to remote system
compromise under the credentials of the currently logged in user.

ref
http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html 
http://www.adobe.com/support/security/bulletins/apsb10-12.html 

Disclosure Timeline
==================2010-2-6 report to vendor
2010-2-7 vendor ask poc file
2010-2-7 we sent the poc file.
2010-2-8 vendor comfirm the issue.
2010-5-11 Coordinated public release of advisory.


About Code Audit Labs:
====================Code Audit Labs is department of VulnHunt company which provide a
professional security testing products / services / security consulting
and training ,we sincerely hope we can help your procudes to improve code
quality and safety.
WebSite http://www.VulnHunt.com ( online soon)

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH