[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

VUPEN Security Research - Adobe Shockwave DIRAPI LCTX Chunck Memory Corruption Vulnerability (APSB11-01)

VUPEN Security Research - Adobe Shockwave DIRAPI Lctx Chunck Memory Corruption Vulnerability (APSB11-01) 

http://www.vupen.com/english/research.php


I. BACKGROUND
---------------------

"Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to offer 
including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director." from Adobe.com


II. DESCRIPTION
---------------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Shockwave.

The vulnerability is caused by a memory corruption error in the "DIRAPI.dll"
module when processing the "LCTX" chunk within a Director File, which could
be exploited by remote attackers to execute arbitrary code by tricking a
user into visiting a malicious web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---------------------------

Adobe Shockwave Player version 11.5.9.615 and prior


IV. Binary Analysis & Exploits/PoCs
---------------------------------------

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
-----------------------------------
To proactively protect critical networks and infrastructures against unpatched vulnerabilities and reduce risks related to zero-day attacks, VUPEN shares its vulnerability research with governments and organizations members of the VUPEN 
Threat Protection Program (TPP).
VUPEN TPP customers receive fully detailed and technical reports about security vulnerabilities discovered by VUPEN and in advance of their public disclosure. 

VUPEN TPP customers have been protected against this vulnerability 9 months
before the release of the Adobe patch.

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION
----------------

Upgrade to Adobe Shockwave Player version 11.5.9.620.


VII. CREDIT
--------------

This vulnerability was discovered by Chaouki Bekrar of VUPEN Security


VIII. ABOUT VUPEN Security
---------------------------

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
----------------------

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0335
http://www.adobe.com/support/security/bulletins/apsb11-01.html


X. DISCLOSURE TIMELINE
-----------------------------

2010-05-15 - Vulnerability Discovered by VUPEN
2010-05-17 - VUPEN TPP customers informed
2010-xx-xx - Vulnerability rediscovered by third parties
2011-02-08 - Adobe security update released