[CAL-20100204-1]Adobe Shockwave Player Director文件分析ATOM size无限循环漏洞

影响版本
========
11.5.2.602 ,11.5.6.606 and prior


CVE ID: CVE-2010-1282
CAL ID: CAL-20100204-1


漏洞描述
========

Code Audit Labs http://www.vulnhunt.com 在Adobe's Shockwave Player软件中
发现一个漏洞，触发该漏洞需要用户访问一个畸形的web页面。

该漏洞存在于当shockwave player分析atom size时，不当处理导致代码无限循环。
成功利用能导致cpu 100%,造成拒绝服务攻击。

参考
http://www.adobe.com/support/security/bulletins/apsb10-12.html


时间表
======
2010-2-6 report to vendor
2010-2-7 vendor ask poc file
2010-2-7 we sent the poc file.
2010-2-8 vendor comfirm the issue.
2010-5-11 Coordinated public release of advisory.


About Code Audit Labs:
=====================
Code Audit Labs是南京恒信安(暂定)信息技术有限公司的代码审计部门，公司是由国际资深安全研究人员在中国南京创办一家提供专业的安全测试产品/服务/咨询培训的安全公司.旨在为各家软硬件生产厂商,行业用户提供专业的高覆盖可度量的安全测试,帮助他们改进自身产品和系统的安全.
我们希望为信息产业在开发过程之中就打造起信息安全的基石,提供安全质量,并凭借着为企业带来的价值而成为国际最专业的安全测试产品和服务的提供商.
公司网站 http://www.VulnHunt.com ( online soon)

厂商公告地址:

http://www.adobe.com/support/security/bulletins/apsb10-12.html

补丁地址:

http://get.adobe.com/shockwave/

-----------------------------------------------------------------------------------------------------------------------------

[CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability


Affected Products

Affected Products
=================
11.5.2.602 ,11.5.6.606 and prior

CVE ID: CVE-2010-1282
CAL ID: CAL-20100204-1


Vulnerability Details
=====================

Code Audit Labs http://www.vulnhunt.com has discovered a vulnerability
allows remote attackers to execute code on vulnerable
installations of Adobe's Shockwave Player. User interaction is required
in that a user must visit a malicious web site.

The specific flaw exists when the Shockwave player attempts to load a
specially crafted Adobe Director File.
Exploitation can lead to remote system high cpu load ( infinite loop).



Disclosure Timeline
===================
2010-2-6 report to vendor
2010-2-7 vendor ask poc file
2010-2-7 we sent the poc file.
2010-2-8 vendor comfirm the issue.
2010-5-11 Coordinated public release of advisory.


About Code Audit Labs:
=====================
Code Audit Labs is department of VulnHunt company which provide a
professional security testing products / services / security consulting
and training ,we sincerely hope we can help your procudes to improve code
quality and safety.
WebSite http://www.VulnHunt.com ( online soon)