Re: DoS vulnerability in Adobe Flash Player (BSOD)

[sixtyvividtails <sixtyvividtails () yandex com>]

Do you have any plans to release more details regarding this denial of
service vulnerability? BSOD crashdump, may be?

On 2013-12-30 19:11, MustLive wrote:
> Hello list!
>
> At beginning of this year I informed you about DoS vulnerability in
> Adobe Flash. Look at advisory
> (http://seclists.org/fulldisclosure/2013/Apr/9) with exploit and video
> demonstration (http://www.youtube.com/watch?v=xi29KZ3LD80) of previous
> DoS in Flash. Adobe hiddenly fixed it in the patch APSB13-05 and
> answered that "a fix to another hole accidentally fixed this hole".
> And here is a new DoS. Which can be new hole or can be related to old
> one (if Adobe has resurrected old DoS hole in new versions of Flash).
>
> This is Denial of Service vulnerability in Adobe Flash, which leaded
> to BSOD. Last week I informed Adobe and Mozilla (since attack works
> only in Mozilla browsers).
>
> -------------------------
> Affected products:
> -------------------------
>
> Attack works only on AMD/ATI video cards. I checked it on multiple
> computers with Windows XP, Windows 7 and Ubuntu Linux 13.04.
>
> Vulnerable Adobe Flash 11.9.900.152 and 11.9.900.170 (the last
> version) for Windows and Flash 11.2.202.332 for Linux (the last
> version for this OS). On Linux there is 100% CPU consumption and on
> Windows (XP and 7) there is crash of the OS.
>
> ----------
> Details:
> ----------
>
> Denial of Service (WASC-10):
>
> This is Denial of Service vulnerability, which leads to crash of
> Operating System (tested on Windows XP and 7). As previous DoS hole,
> this one also works only with AMD/ATI video cards (and it works on
> different OS unlike previous DoS in Flash). Also it works potentially
> in any flash media player in Internet - at any web sites, including
> YouTube (it doesn't require swf file of VideoJS, as previous hole).
>
> This is memory corruption (access violation) vulnerability. Which can
> be used for BSOD and potentially for remote code execution.
>
> Here is video, which demonstrates this vulnerability in Flash:
>
> http://www.youtube.com/watch?v=-YgbPCq-dH0
>
> In the video there is web site with JW Player (but freezing and/or
> crashing of the OS happens in any flash video players).
>
> Attack is going on a browser Firefox (on Windows XP freezing or BSOD
> can be from the first or not from the first time, 100% CPU consumption
> on Linux works all the time). In Mozilla Firefox 3.0.19, 10.0.7 ESR,
> 15.0.1 and 26 - freezing of the browser and BSOD of the OS.
>
> I have disclosed it at my site (http://websecurity.com.ua/6939/).
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-- 
sixtyvividtails () yandex com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/