Flash Movie Player v1.5 File Magic Denial of Service Vulnerability
Source: vfocus.net  Author: Matthew Bergin  Published: 2010-08-26
Flash Movie Player v1.5 File Magic Crash
http://www.eolsoft.com/
http://www.eolsoft.com/freeware/flash_movie_player/

Author: Matthew Bergin
Website: http://berginpentesting.com
Date: August 25, 2010

Description: Flash Movie Player is a free stand-alone player for ShockWave Flash (SWF) animations, based on the Macromedia Flash Player plugin. In addition to all Macromedia Flash Player abilities, it has some extended features, such as animation rewinding, advanced full screen mode, playlists, browser cache integration and exe projectors support. 

The software is provided "AS IS" without any warranty, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The author will not be liable for any special, incidental, consequential or indirect damages due to loss of data or any other reason. You are welcome to use this software without paying any kind of fee.

Flash Information
Plugin: Adobe Flash Player 10.1 r52
Version: 10.1.52.14
File: C:\WINDOWS\system32\Macromed\Flash\Flash10g.ocx
Operating System: Windows XP SP3

Bug Information:
Exception at UNKNOWN_VALUE: 0x0EEDFADE
0x0EEDFADE - Delphi exception was caught by one of the RTL's default C++ exception handlers.
#1 7C812AFB : RaiseException (RaiseException) 00491EFE (0012E8B0/00000000) C:\WINDOWS\system32\advapi32.dll
#2 00491EFE : 00491F34 (0012E908/00000000) 
#3 00491F34 : 0049552E (0012E914/00000000) 
#4 0049552E : 004953BE (0012E954/00000000) 
#5 004953BE : 004B99BA (0012E96C/00000000) 
#6 004B99BA : 00495925 (0012E9A4/00000000) 
#7 00495925 : 004947AE (0012E9DC/00000000) 
#8 004947AE : 1018D704 (0012E9F0/00000000) 
#9 1018D704 : 10193E91 (0012EA38/00000000) .text
#10 10193E91 : FFFFFFFF (0012EADC/00000000) .text
#11 FFFFFFFF : 00000000 (FFFF4000/00000000) C:\WINDOWS\system32\kernel32.dll

Reproducing this bug:

Reproduction is very simple. The first 3 bytes of any SWF file are FWS. To reproduce the issue, replace the first byte 'F' with '`' so that the magic reads '`WS', then load the file into Flash Movie Player.

POC: http://www.exploit-db.com/sploits/14767.tar.gz
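
Added example (not part of the original advisory or the vendor's code): a header pre-check that rejects a file with a bad magic, such as the '`WS' case above, by returning an error instead of letting an exception escape. The function names, the 64 MiB size cap and the CWS/ZWS handling are assumptions of this sketch; the header layout follows the published SWF format.

```python
import struct
import zlib

# Signatures from the SWF format: uncompressed, zlib-compressed, LZMA-compressed.
SWF_MAGICS = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}
MAX_DECLARED = 64 * 1024 * 1024  # assumed policy cap, not from the advisory


def check_swf_header(data: bytes):
    """Return (ok, detail) for a candidate SWF; malformed input never raises."""
    if len(data) < 8:
        return False, "shorter than the 8-byte SWF header"
    # Header layout: 3-byte signature, 1-byte version, 4-byte LE file length.
    magic, _version, declared = struct.unpack("<3sBI", data[:8])
    if magic not in SWF_MAGICS:
        return False, f"bad magic {magic!r}"
    if not 8 <= declared <= MAX_DECLARED:
        return False, f"declared length {declared} out of range"
    if magic == b"FWS" and declared > len(data):
        return False, "truncated: declared length exceeds file size"
    if magic == b"CWS":
        # Bounded inflate: never expand past what the header promises.
        try:
            body = zlib.decompressobj().decompress(data[8:], declared - 7)
        except zlib.error as exc:
            return False, f"corrupt zlib body: {exc}"
        if len(body) != declared - 8:
            return False, "zlib body does not match declared length"
    return True, SWF_MAGICS[magic]  # ZWS body is not inspected here


def make_sample(magic=b"FWS", body=b"\x00" * 13, compress=False):
    """Constructed test input: valid header plus filler, not a playable movie."""
    payload = zlib.compress(body) if compress else body
    return magic + bytes([10]) + struct.pack("<I", 8 + len(body)) + payload


if __name__ == "__main__":
    samples = {
        "plain.swf": make_sample(),
        "zlib.swf": make_sample(b"CWS", compress=True),
        "bad_magic.swf": make_sample(b"`WS"),  # the case from this advisory
        "truncated.swf": make_sample()[:12],
    }
    for name, blob in samples.items():
        print(name, check_swf_header(blob))
```
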

 