Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: DoS vulnerability in Adobe Flash Player (BSOD)
From: sixtyvividtails <sixtyvividtails () yandex com>
Date: Sun, 05 Jan 2014 22:24:16 +0000

Do you have any plans to release more details regarding this denial of
service vulnerability? BSOD crashdump, may be?

On 2013-12-30 19:11, MustLive wrote:
Hello list!

At beginning of this year I informed you about DoS vulnerability in
Adobe Flash. Look at advisory
(http://seclists.org/fulldisclosure/2013/Apr/9) with exploit and video
demonstration (http://www.youtube.com/watch?v=xi29KZ3LD80) of previous
DoS in Flash. Adobe hiddenly fixed it in the patch APSB13-05 and
answered that "a fix to another hole accidentally fixed this hole".
And here is a new DoS. Which can be new hole or can be related to old
one (if Adobe has resurrected old DoS hole in new versions of Flash).

This is Denial of Service vulnerability in Adobe Flash, which leaded
to BSOD. Last week I informed Adobe and Mozilla (since attack works
only in Mozilla browsers).

-------------------------
Affected products:
-------------------------

Attack works only on AMD/ATI video cards. I checked it on multiple
computers with Windows XP, Windows 7 and Ubuntu Linux 13.04.

Vulnerable Adobe Flash 11.9.900.152 and 11.9.900.170 (the last
version) for Windows and Flash 11.2.202.332 for Linux (the last
version for this OS). On Linux there is 100% CPU consumption and on
Windows (XP and 7) there is crash of the OS.

----------
Details:
----------

Denial of Service (WASC-10):

This is Denial of Service vulnerability, which leads to crash of
Operating System (tested on Windows XP and 7). As previous DoS hole,
this one also works only with AMD/ATI video cards (and it works on
different OS unlike previous DoS in Flash). Also it works potentially
in any flash media player in Internet - at any web sites, including
YouTube (it doesn't require swf file of VideoJS, as previous hole).

This is memory corruption (access violation) vulnerability. Which can
be used for BSOD and potentially for remote code execution.

Here is video, which demonstrates this vulnerability in Flash:

http://www.youtube.com/watch?v=-YgbPCq-dH0

In the video there is web site with JW Player (but freezing and/or
crashing of the OS happens in any flash video players).

Attack is going on a browser Firefox (on Windows XP freezing or BSOD
can be from the first or not from the first time, 100% CPU consumption
on Linux works all the time). In Mozilla Firefox 3.0.19, 10.0.7 ESR,
15.0.1 and 26 - freezing of the browser and BSOD of the OS.

I have disclosed it at my site (http://websecurity.com.ua/6939/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


-- 
sixtyvividtails () yandex com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Re: DoS vulnerability in Adobe Flash Player (BSOD) sixtyvividtails (Jan 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault