exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2011-0335

Status Candidate

Overview

Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-2119, and CVE-2011-2122.

Related Files

iDEFENSE Security Advisory 2011-06-14.2
Posted Jun 18, 2011
Authored by iDefense Labs, Luigi Auriemma | Site idefense.com

iDefense Security Advisory 06.14.11 - Remote exploitation of a heap overflow vulnerability in Adobe Systems Inc.'s Shockwave could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when Shockwave processes a maliciously constructed "DRCF" chunk. Specifically, when parsing a substructure inside of this chunk, it is possible to trigger a code path that leads to an incorrect string copy operation. The vulnerable code performs a certain operation on a heap-based buffer, which has the effect of overwriting the NULL terminator of the string in the middle of the copy operation. This will lead to an endless copy loop until the read operation hits the end of the memory segment. This operation writes beyond the allocated heap buffer, and can lead to the execution of arbitrary code. Shockwave Player version 11.5.9.620 and prior are vulnerable.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2011-0335
SHA-256 | 3b0ec1fef75086d0e796f5ce1dea0706958798bc9b403f2258059ba1d3e7612f
iDEFENSE Security Advisory 2011-06-14.1
Posted Jun 18, 2011
Authored by iDefense Labs, Luigi Auriemma | Site idefense.com

iDefense Security Advisory 06.14.11 - Remote exploitation of a integer signedness vulnerability in Adobe Systems Inc.'s Shockwave could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when Shockwave processes a maliciously constructed "Lscr" record. This record can embed Lingo script code, which is Shockwave's scripting language. The vulnerability occurs when processing certain opcodes. Specifically, a 32-bit value from the file is used as an offset into a heap buffer without proper validation. When comparing the value to the maximum buffer size, a signed comparison is performed. By using a negative value, it is possible to index outside of the allocated buffer. This results in data outside of the buffer being treated as a valid pointer, and this pointer is later used as the destination of a write operation. This can corrupt an arbitrary memory address, which can lead to the execution of arbitrary code. Shockwave Player version 11.5.9.620 and prior are vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0335
SHA-256 | 952c40d913beb9b78faaad430aeb7a3d76e8f0453128f6534822d4e3d407462d
Adobe Shockwave dirapi.dll rcsL Chunk Parsing Remote Code Execution
Posted Jun 16, 2011
Authored by Aaron Portnoy, Logan Brown | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rcsL chunk inside Adobe's RIFF-based Director file format. The code within the dirapi.dll does not properly validate substructure elements before using them to manipulate memory. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0335
SHA-256 | 2e9a419ed0169c3cc6d9ce5d2e301542d14e6febbed1409f4b43cadd505ed726
Zero Day Initiative Advisory 11-220
Posted Jun 16, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-220 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the RIFF-based Director (.dir) files. When handling an undocumented substructure, the code within dirapi.dll can be forced to incorrectly calculate a destination pointer if it encounters certain 1-byte opcodes within the .dir file. The assumptions made by the code can allow for malicious values to influence a size parameter that is used to calculate a memory address. This address is then written to with controlled data. This can be abused by an attacker to corrupt memory and subsequently execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0335
SHA-256 | 7ce4bc2e5363a0845511ebbcaf9f91ca8d13fd5a47368fb1908ec0231aa16841
Zero Day Initiative Advisory 11-216
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-216 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rcsL chunk inside Adobe's RIFF-based Director file format. The code within the Dirapi.dll is affected by an integer wrap caused by size values being calculated without proper checking. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0335
SHA-256 | 176bd1c412d29418a16f3ba7958308ea7a8459e66782c9e781ece208211e42f0
Zero Day Initiative Advisory 11-209
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-209 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rcsL chunk inside Adobe's RIFF-based Director file format. The code within the Dirapi.dll is affected by an integer wrap caused by the size value being calculated from the difference of two pointers without checking if the first is above the other and resulting in endless copying. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0335
SHA-256 | 5034d98cbb0d3ea6446f4c09451dc005fa93652011d8321fb4238383016f74c7
Zero Day Initiative Advisory 11-205
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-205 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the RIFF-based Director file format that Shockwave utilizes. When parsing such files, the code within the dirapi.dll module expects to find a chunk with a fourCC value of Lctx. The code does not consider the possibility that one may not exist and in that scenario if fails to properly initialize certain values that are used later on in parsing other chunks. By removing the Lctx chunk and also filling heap memory, an attacker can take advantage of the uninitialized values to write values to an arbitrary location in memory. This can be leveraged to execute remote code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0335
SHA-256 | fd5ea199b1d51fae2bfd1e359349e926c0c617d581efbdf9c9895e040bd33ff0
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close