- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 23469
- Проверка EDB
-
- Пройдено
- Автор
- COOLKAVEH
- Тип уязвимости
- DOS
- Платформа
- WINDOWS
- CVE
- null
- Дата публикации
- 2012-12-18
Код:
Title : Adobe Flash Player 11,5,502,135 memory corruption
Version : 11,5,502,135
Date : 2012-12-17
Vendor : http://www.adobe.com/
Impact : High
Contact : coolkaveh [at] rocketmail.com
Twitter : @coolkaveh
tested : Internet Explorer 8 Windows 7
Author : coolkaveh
###########################################################################################################
Bug :
The vulnerability cause a Memory corruption via a specially
crafted Flv files.
Successful exploits can allow attackers to execute arbitrary code
###########################################################################################################
900.c80): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=02fefd38 ecx=00000000 edx=ffffffff esi=03230000 edi=02fefd3c
eip=01953095 esp=02fefc2c ebp=02fefd48 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00200246
Flash32_11_5_502_135!DllUnregisterServer+0x22d8bf:
01953095 0fbf1456 movsx edx,word ptr [esi+edx*2] ds:0023:0322fffe=????
Exception Faulting Address: 0x322fffe
Second Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Faulting Instruction:01953095 movsx edx,word ptr [esi+edx*2]
Basic Block:
01953095 movsx edx,word ptr [esi+edx*2]
Tainted Input Operands: edx, esi
01953099 inc eax
0195309a cmp dword ptr [ebp-0ch],1
0195309e mov dword ptr [ebp+ecx*4-110h],edx
Tainted Input Operands: edx
019530a5 mov dword ptr [ebp+8],eax
019530a8 jne flash32_11_5_502_135!dllunregisterserver+0x22d887 (0195305d)
Exception Hash (Major/Minor): 0x1e0f6a3f.0x1e0f6a1c
Stack Trace:
Flash32_11_5_502_135!DllUnregisterServer+0x22d8bf
Flash32_11_5_502_135!DllUnregisterServer+0x22c4e7
Flash32_11_5_502_135!DllUnregisterServer+0x22c8e7
Flash32_11_5_502_135!DllUnregisterServer+0x22ceca
Flash32_11_5_502_135+0x19f324
Flash32_11_5_502_135+0x19f36a
Flash32_11_5_502_135+0x19fd15
Flash32_11_5_502_135!DllUnregisterServer+0x48ff3
Flash32_11_5_502_135!DllUnregisterServer+0x49072
Instruction Address: 0x0000000001953095
###########################################################################################################
Proof of concept included.
http://www48.zippyshare.com/v/64875465/file.html
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23469.rar
- Источник
- www.exploit-db.com