Full Disclosure mailing list archives
DoS vulnerability in Adobe Flash Player (BSOD)
From: "MustLive" <mustlive () websecurity com ua>
Date: Thu, 4 Apr 2013 01:24:29 +0300
Hello list! I want to warn you about Denial of Service vulnerability (BSOD) in Adobe Flash Player. I've found this vulnerability at 27.01.2013. ------------------------- Affected products: ------------------------- Vulnerable version is Adode Flash 11.5.502.146. Attack works only on AMD/ATI video cards. Adobe have fixed it at 12.02.2013 in their patch APSB13-05 (https://www.adobe.com/support/security/bulletins/apsb13-05.html), which fixed multiple vulnerabilities in flash player. At that Adobe did it hiddenly without mentioned about this vulnerability and without referencing on me. After my informing in the end of January, they was "checking it" during 1,5 months and said, that they can't reproduce this vulnerability (at that I've reproduced it on multiple computers with ATI video cards), that they don't know anything (the hole was accidentally fixed in APSB13-05) and this DoS doesn't related to them. ---------- Details: ---------- Denial of Service (WASC-10): This is Denial of Service vulnerability, which leads to crash of Operating System (tested on Windows XP and 7). Here is video, which demonstrates this vulnerability in Flash: http://www.youtube.com/watch?v=xi29KZ3LD80 This is memory corruption (access violation) vulnerability. Which can be used for BSOD and potentially for remote code execution. For attack the flash-file is used VideoJS Flash Component from Zencoder. I've informed developers of this video player already in beginning of February. Attack works in browsers Firefox and Opera (at that BSOD works only in Firefox): In Mozilla Firefox 15.0.1 and 18.0.1 - freezing of the browser (which can't be closed) and BSOD of the system. In Mozilla Firefox 3.0.19 and 10.0.7 ESR - no problems (all is working normally). In Opera 10.62 - freezing of the browser (which can be closed). PoC/Exploit: http://websecurity.com.ua/uploads/2013/Adobe%20Flash%20DoS%20BSOD.rar To start the exploit it's needed to placed it on web server (e.g. on localhost), put any mp4-file under name poc.mp4 near poc.htm and start htm-file (at web server). And then click on speaker image or on area of video player. ------------ Timeline:------------
2013.01.27 - found vulnerability. 2013.01.28 - recorded video PoC. And in the night have informed developers. 2013.02.01 - again informed developers, because they didn't answer. After that Adobe answered on the first letter. 2013.02.08 - informed developers of VideoJS. 2013.02.12 - Adobe fixed vulnerability and released patch, but still investigating. 2013.02-03 - during February-March, while Adobe was investigating this vulnerability, I've sent them information about different tested computers where hole was working (on ATI cards) and was not working (on nVidia cards). And sent them all information they needed. 2013.03.02 - announced at my site. 2013.03.13 - Adobe finished investigation. 2013.04.03 - disclosed at my site (http://websecurity.com.ua/6364/). Best wishes & regards, MustLive Administrator of Websecurity web sitehttp://websecurity.com.ua
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- DoS vulnerability in Adobe Flash Player (BSOD) MustLive (Apr 03)
- Re: DoS vulnerability in Adobe Flash Player (BSOD) Jann Horn (Apr 03)