There is a vulnerability in Macromedia's Flash Player in its handling of malformed Flash (SWF) files. An attacker who can get a corrupt file rendered by the player, by placing it on a website or, in some cases, embedding it in an HTML email, can use it to compromise the user's system.
eEye provided Macromedia with a number of corrupt Flash files, a few of which eEye verified as exploitable. Macromedia has since fixed the exploitable conditions as well as various other bugs that were found.
What makes Flash Player a valuable target is its very large user base and its portability across operating systems. Further, the player is "version frozen" in many operating system installation images, so vulnerable copies may linger for some time after a fix ships. Regardless, Macromedia has fixed all of the known issues.
Credit:
The information has been provided by Marc Maiffret.
Systems Affected:
* Macromedia Flash Player versions older than 6.0.65.0
Technical Description:
The SWF file header is laid out roughly as follows:
[Flash Signature][version (1)][File Length(a number of bytes too short)][Frame Size (malformed)][Frame Rate (malformed)][Frame Count(malformed)][Data]
The layout is the same as in eEye's earlier advisory on this player (http://www.eeye.com/html/Research/Advisories/AD20020808b.html), but the malformed values that trigger this issue are specific to it. In this case EBP is completely controlled, so exploitation is straightforward; EDI and EDX are also directly controlled, which gives attackers several easy routes to exploiting the vulnerable code.
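The check a player should have made on that header, as an added example that is not eEye's or Macromedia's code: a defensive parser in C for the uncompressed ("FWS") SWF header. It reads the fields in the order the diagram above shows, and refuses the malformation the advisory names, a FileLength field that is too short, before that field can be used to size anything. The field widths (3-byte signature, 1-byte version, 4-byte little-endian FileLength, bit-packed RECT with a 5-bit Nbits prefix, 2-byte frame rate and frame count) are taken from the public SWF format, not from the advisory; the sample bytes are constructed for this example, and all function and type names (swf_parse_header, swf_check_variant, swf_header) are hypothetical. Compressed "CWS" files are deliberately not handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum {                        /* verdicts from swf_parse_header() */
    SWF_OK = 0,
    SWF_ERR_TRUNCATED = 1,    /* buffer ends before the header does */
    SWF_ERR_SIGNATURE = 2,    /* not an uncompressed "FWS" file */
    SWF_ERR_LENGTH = 3,       /* FileLength shorter than the header, or != bytes present */
    SWF_ERR_RECT = 4,         /* FrameSize RECT has zero or negative width or height */
    SWF_ERR_FRAMES = 5        /* zero frame rate or zero frame count */
};

typedef struct {
    uint8_t  version;
    uint32_t declared_len;            /* FileLength field: whole file, header included */
    uint8_t  rect_nbits;              /* Nbits of the FrameSize RECT */
    int32_t  xmin, xmax, ymin, ymax;  /* RECT fields, in twips */
    uint16_t frame_rate;              /* 8.8 fixed point */
    uint16_t frame_count;
    size_t   header_len;              /* bytes before the first tag */
} swf_header;

static uint16_t rd_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Signed bit field (SB[n] in the SWF spec), MSB-first, sign-extended from bit n-1.
   n is at most 31 and the caller has already bounds-checked the RECT bytes. */
static int32_t rd_sbits(const uint8_t *p, size_t *bitpos, unsigned n) {
    uint32_t v = 0;
    for (unsigned i = 0; i < n; i++, (*bitpos)++)
        v = (v << 1) | ((p[*bitpos >> 3] >> (7 - (*bitpos & 7))) & 1u);
    if (n > 0 && ((v >> (n - 1)) & 1u))
        v |= ~((1u << n) - 1u);
    return (int32_t)v;
}

int swf_parse_header(const uint8_t *buf, size_t len, swf_header *h) {
    memset(h, 0, sizeof *h);
    if (len < 9) return SWF_ERR_TRUNCATED;           /* signature, version, FileLength, RECT byte 0 */
    if (memcmp(buf, "FWS", 3) != 0) return SWF_ERR_SIGNATURE;
    h->version = buf[3];
    h->declared_len = rd_le32(buf + 4);
    /* RECT = 5-bit Nbits followed by four Nbits-wide fields, padded to a byte boundary. */
    h->rect_nbits = buf[8] >> 3;
    size_t rect_bytes = (5 + 4 * (size_t)h->rect_nbits + 7) / 8;
    h->header_len = 8 + rect_bytes + 2 + 2;
    if (len < h->header_len) return SWF_ERR_TRUNCATED;
    /* The malformation the advisory names: a FileLength that is too short. Refuse it
       before the field is used to size any allocation or copy. */
    if (h->declared_len < h->header_len || h->declared_len != len) return SWF_ERR_LENGTH;
    size_t bitpos = 5;                               /* bit offset inside the RECT */
    h->xmin = rd_sbits(buf + 8, &bitpos, h->rect_nbits);
    h->xmax = rd_sbits(buf + 8, &bitpos, h->rect_nbits);
    h->ymin = rd_sbits(buf + 8, &bitpos, h->rect_nbits);
    h->ymax = rd_sbits(buf + 8, &bitpos, h->rect_nbits);
    if (h->xmax <= h->xmin || h->ymax <= h->ymin) return SWF_ERR_RECT;
    h->frame_rate = rd_le16(buf + 8 + rect_bytes);
    h->frame_count = rd_le16(buf + 8 + rect_bytes + 2);
    if (h->frame_rate == 0 || h->frame_count == 0) return SWF_ERR_FRAMES;
    return SWF_OK;
}

/* Constructed sample, not a file from the advisory: version 6, 550x400 px stage
   (11000x8000 twips), 12 fps, one frame, then a single End tag. 23 bytes. */
static const uint8_t SAMPLE_SWF[] = {
    'F','W','S', 0x06, 0x17,0x00,0x00,0x00,         /* "FWS", version 6, FileLength 23 */
    0x78,0x00,0x05,0x5F,0x00,0x00,0x0F,0xA0,0x00,   /* RECT: Nbits 15, x 0..11000, y 0..8000 */
    0x00,0x0C, 0x01,0x00,                           /* FrameRate 12.0, FrameCount 1 */
    0x00,0x00                                       /* End tag */
};

/* Parse a variant of the sample: FileLength overwritten with `declared`, and only
   the first `len` bytes handed to the parser (len is clamped to sizeof SAMPLE_SWF). */
int swf_check_variant(uint32_t declared, size_t len) {
    uint8_t buf[sizeof SAMPLE_SWF];
    swf_header h;
    memcpy(buf, SAMPLE_SWF, sizeof buf);
    for (int i = 0; i < 4; i++) buf[4 + i] = (uint8_t)(declared >> (8 * i));
    return swf_parse_header(buf, len < sizeof buf ? len : sizeof buf, &h);
}

int main(void) {
    swf_header h;
    int rc = swf_parse_header(SAMPLE_SWF, sizeof SAMPLE_SWF, &h);
    printf("well-formed: rc=%d v%d FileLength=%u stage=%dx%d twips, %d fps, %d frame(s), header=%zu bytes\n",
           rc, h.version, h.declared_len, h.xmax - h.xmin, h.ymax - h.ymin,
           h.frame_rate >> 8, h.frame_count, h.header_len);
    printf("FileLength 10 (shorter than the 21-byte header): rc=%d\n", swf_check_variant(10, sizeof SAMPLE_SWF));
    printf("buffer cut at 12 bytes: rc=%d\n", swf_check_variant(23, 12));
    return 0;
}
```

The parser validates everything it reads against the bytes actually present before trusting any length that came from the file, which is the property the affected player lacked: with a FileLength that undercounts the file, or a RECT whose Nbits pushes the frame-rate and frame-count fields past the end of the buffer, it returns an error instead of reading on. The rejection of a zero-area RECT is a policy choice for this example, not a requirement of the format.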
Vendor Status:
Macromedia has been notified and released a patch for this vulnerability, available at:
http://www.macromedia.com/v1/handlers/index.cfm?ID=23569