'[Full-disclosure] DoS vulnerability in Adobe Flash Player (BSOD)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] DoS vulnerability in Adobe Flash Player (BSOD)
From:       "MustLive" <mustliveua () gmail ! com>
Date:       2013-12-30 19:11:08
Message-ID: 005e01cf0592$eec47410$9b7a6fd5 () pc
[Download RAW message or body]

Hello list!

At beginning of this year I informed you about DoS vulnerability in Adobe 
Flash. Look at advisory (http://seclists.org/fulldisclosure/2013/Apr/9) with 
exploit and video demonstration (http://www.youtube.com/watch?v=xi29KZ3LD80) 
of previous DoS in Flash. Adobe hiddenly fixed it in the patch APSB13-05 and 
answered that "a fix to another hole accidentally fixed this hole". And here 
is a new DoS. Which can be new hole or can be related to old one (if Adobe 
has resurrected old DoS hole in new versions of Flash).

This is Denial of Service vulnerability in Adobe Flash, which leaded to 
BSOD. Last week I informed Adobe and Mozilla (since attack works only in 
Mozilla browsers).

-------------------------
Affected products:
-------------------------

Attack works only on AMD/ATI video cards. I checked it on multiple computers 
with Windows XP, Windows 7 and Ubuntu Linux 13.04.

Vulnerable Adobe Flash 11.9.900.152 and 11.9.900.170 (the last version) for 
Windows and Flash 11.2.202.332 for Linux (the last version for this OS). On 
Linux there is 100% CPU consumption and on Windows (XP and 7) there is crash 
of the OS.

----------
Details:
----------

Denial of Service (WASC-10):

This is Denial of Service vulnerability, which leads to crash of Operating 
System (tested on Windows XP and 7). As previous DoS hole, this one also 
works only with AMD/ATI video cards (and it works on different OS unlike 
previous DoS in Flash). Also it works potentially in any flash media player 
in Internet - at any web sites, including YouTube (it doesn't require swf 
file of VideoJS, as previous hole).

This is memory corruption (access violation) vulnerability. Which can be 
used for BSOD and potentially for remote code execution.

Here is video, which demonstrates this vulnerability in Flash:

http://www.youtube.com/watch?v=-YgbPCq-dH0

In the video there is web site with JW Player (but freezing and/or crashing 
of the OS happens in any flash video players).

Attack is going on a browser Firefox (on Windows XP freezing or BSOD can be 
from the first or not from the first time, 100% CPU consumption on Linux 
works all the time). In Mozilla Firefox 3.0.19, 10.0.7 ESR, 15.0.1 and 26 - 
freezing of the browser and BSOD of the OS.

I have disclosed it at my site (http://websecurity.com.ua/6939/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic