Credit:
The information has been provided by Vitaliy Toropov.
The original article can be found at: http://seclists.org/bugtraq/2011/Feb/118
Vulnerable Systems:
* Adobe Flash Player Plugin version 10.1.82.76
* Adobe Flash Player Plugin version 10.1.85.3
The vulnerability occurs when parsing a maliciously formatted sequence of ActionScript code inside an Adobe Flash file. The problem exists in the ActionScript method of the built-in "Function" class, which accepts an array object as a second parameter and uses this array's length multiplied by four for a memory allocation without any overflow checks. Then it writes the array's content into the allocated memory, which corrupts memory and leads to an exploitable condition.
Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user viewing the Web page. To exploit this vulnerability, a targeted user must load a malicious Web page created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites. After the user visits the malicious Web page, no further user interaction is needed.
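The unchecked "length multiplied by four" allocation size described above, shown beside a checked form, as an added C example that is not Adobe's code and not part of the original advisory. It assumes 32-bit size arithmetic and 4-byte elements; the function names and the sample length are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: 32-bit size arithmetic and 4-byte elements (the advisory
   only says "length multiplied by four"). */

/* Size as the advisory describes it: no overflow check, so the product
   wraps modulo 2^32 for large counts. */
uint32_t unchecked_alloc_size(uint32_t count) {
    return count * 4u;
}

/* Bytes a copy of `count` elements needs beyond the wrapped allocation. */
uint64_t shortfall(uint32_t count) {
    return (uint64_t)count * 4u - unchecked_alloc_size(count);
}

/* Checked form: 0 on success, -1 if count * 4 does not fit in 32 bits. */
int checked_alloc_size(uint32_t count, uint32_t *out) {
    if (count > UINT32_MAX / 4u)
        return -1;
    *out = count * 4u;
    return 0;
}

/* Hardened copy: refuses oversized counts instead of under-allocating. */
uint32_t *copy_args_checked(const uint32_t *src, uint32_t count) {
    uint32_t bytes;
    if (checked_alloc_size(count, &bytes) != 0)
        return NULL;
    uint32_t *dst = malloc(bytes ? bytes : 1);
    if (dst != NULL && bytes != 0)
        memcpy(dst, src, bytes);
    return dst;
}

int main(void) {
    uint32_t count = 0x40000001u;   /* constructed sample length */
    printf("count=%lu wrapped size=%lu shortfall=%llu\n",
           (unsigned long)count,
           (unsigned long)unchecked_alloc_size(count),
           (unsigned long long)shortfall(count));
    printf("checked copy rejected: %s\n",
           copy_args_checked(NULL, count) == NULL ? "yes" : "no");
    return 0;
}
```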
Patch Availability:
Adobe has addressed this issue with an update. Further details and patches can be found at the following URL:
http://www.adobe.com/support/security/bulletins/apsb11-02.html
Workaround:
Disable the Flash Player plugin by restricting access to the Flash Player files, which are usually under the C:\WINDOWS\system32\Macromed\Flash\ folder.
CVE Information:
CVE-2011-0558
Disclosure Timeline:
09/22/2010 Initial Vendor Notification
09/22/2010 Initial Vendor Reply
02/08/2011 Coordinated Public Disclosure