Full Disclosure mailing list archives
Re: DoS vulnerability in Adobe Flash Player (BSOD)
From: Jann Horn <jann () thejh net>
Date: Thu, 4 Apr 2013 00:30:06 +0200
On Thu, Apr 04, 2013 at 01:24:29AM +0300, MustLive wrote:
> Hello list!
>
> I want to warn you about a Denial of Service vulnerability (BSOD) in Adobe Flash Player. I found this vulnerability on 27.01.2013.
>
> -------------------------
> Affected products:
> -------------------------
>
> The vulnerable version is Adobe Flash 11.5.502.146. The attack works only on AMD/ATI video cards.
>
> Adobe fixed it on 12.02.2013 in their patch APSB13-05 (https://www.adobe.com/support/security/bulletins/apsb13-05.html), which fixed multiple vulnerabilities in Flash Player. At that, Adobe did it hiddenly, without mentioning this vulnerability and without referencing me. After I informed them at the end of January, they were "checking it" for 1,5 months and said that they can't reproduce this vulnerability (while I've reproduced it on multiple computers with ATI video cards), that they don't know anything (the hole was accidentally fixed in APSB13-05) and that this DoS isn't related to them.
Sorry, but how can this be a vuln in *Flash*, a *user-space* component, if it can be used to cause a BSOD, which, as far as I know, means that something bad happened *in the Kernel*? Sounds to me as if Flash is not the (or at least not the only) culprit...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/