Defaulted to export symbols for DIRAPI.dll - \n DIRAPI!Ordinal14+0x3b16:\n 68008bd6 2b4f04 sub ecx,dword ptr ds:0023:a80487dc=?\n\n-\n\nEAX FFFFFFFF\nECX 41414141\nEDX FFFFFFFF\nEBX 00000018\nESP 0012F3B4\nEBP 02793578\nESI 0012F3C4\nEDI 02793578\nEIP 69009F1F IM元2.69009F1F\n\n=\n\n\n\n\n\nVulnerability discovered by Gjoko 'LiquidWorm' Krstic\n\nliquidworm gmail com\n\nZero Science Lab - Macedonian Information Security Research & Development Laboratory\n\n\n\n\n\n\n\n\nZero Science Lab Advisory ID: ZSL-2010-4937\n\nAdvisory: \n\nAdobe Advisory ID: APSB10-12\n\nAdvisory: \n\nCVE ID: CVE-2010-1280\n\n\n\n\nDisclosure timeline: Vulnerability discovered.\n\t\t Vendor contacted with sent PoC files.\n\t\t Vendor replied.\n\t\t Asked vendor for confirmation.\n\t\t Vendor verifies the weakness.\n\t\t Vendor reveals patch release date.\n\t\t Coordinated public advisory.\n\n\n*/\n\n\n#include \n#include \n#include \n#include \n \n#define FFORMAT \"Shock.
#ADOBE SHOCKWAVE PLAYER CODE#
dir files resulting in a crash and overwrite of a few memory registers.\n\n\nTested on: Microsoft Windows XP Professional SP3 (English)\n\n\nVersion tested: 11.5.6.606\n\n\n\n=\n\n (f94.ae4): Access violation - code c0000005 (first chance)\n First chance exceptions are reported before any exception handling.\n This exception may be expected and handled.\n eax=20a0a0a0 ebx=207d004c ecx=00000400 edx=41414140 esi=00000000 edi=a80487d8\n eip=68008bd6 esp=0012de4c ebp=00000400 iopl=0 nv up ei pl nz na pe nc\n cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00050206\n *** WARNING: Unable to verify checksum for C:\\Program Files\\Adobe\\Adobe Director 11\\DIRAPI.dll\n *** ERROR: Symbol file could not be found.
#ADOBE SHOCKWAVE PLAYER SOFTWARE#
Each is a multimedia software platform with a web browser plugin. The vulnerable software fails to sanitize user input when\n processing. Both Shockwave and Flash were developed by Macromedia, a company Adobe acquired back in 2005.
Shockwave Player displays Web content that has been created\n\t by Adobe Director.\n\n\nDesc: Shockwave Player version 11.5.6.606 and earlier from Adobe suffers from a memory consumption / \n corruption and buffer overflow vulnerabilities that can aid the attacker to cause denial of service\n scenarios and arbitrary code execution. Adobe Animate Adobe Flash Player Computer Software Adobe Flash Lite. , "sourceHref": "", "sourceData": "/*\n\n\nTitle: Adobe Shockwave Player 11.5.6.606 (DIR) Multiple Memory Vulnerabilities\n\n\n\n\nVendor: Adobe Systems Incorporated\n\n\nProduct web page: \n\n\nSummary: Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player.\n\t These people now have access to some of the best the Web has to offer - including\n\t dazzling 3D games and entertainment, interactive product demonstrations, and online\n\t learning applications. Adobe Shockwave Player is a plugin for web-browsers that enables them to play multimedia information such as videos, 3D animations, games and more. Adobe Shockwave Adobe Flash Player Adobe Systems Adobe Director, adobe, text.
0 kommentar(er)
