When one goes to update Shockwave, the installer also tries to install some Symantec product via Piggyback. Some may consider this also to be an exploit - $#*& piggy-backers! -- richard
"Ziots, Edward" <ezi...@lifespan.org> wrote on 08/26/2010 07:54:27 AM: > Repost from BugTraq, ( There is multiple vulnerabilities in adobe > that are fixed with the APSB10-020 not just this one. Also it seems > they have found a .DLL hijack in Adobe Illustrator CS4 and Firefox > 3.6.8 from some reports accordingly too., > > ZDI-10-164: Adobe Shockwave Player Director File FFFFFF88 Record > Processing Remote Code Execution Vulnerability > http://www.zerodayinitiative.com/advisories/ZDI-10-164 > August 24, 2010 > -- CVE ID: > CVE-2010-2876 > -- CVSS: > 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) > -- Affected Vendors: > Adobe > -- Affected Products: > Adobe Shockwave Player > -- TippingPoint(TM) IPS Customer Protection: > TippingPoint IPS customers have been protected against this > vulnerability by Digital Vaccine protection filter ID 10285. > For further product information on the TippingPoint IPS, visit: > http://www.tippingpoint.com > -- Vulnerability Details: > This vulnerability allows remote attackers to execute arbitrary code > on vulnerable installations of the Adobe Shockwave Player. User > interaction is required to exploit this vulnerability in that the > target must visit a malicious page or open a malicious file. > The specific flaw exists within the code responsible for parsing . > dir and .dcr files. The director file format is RIFF based. While > parsing an undocumented record of type 0xFFFFFFF8 the process trusts > two user supplied word values when performing arithmetic to > calculate a heap buffer size. By specifying large enough values an > integer wrap can occur. The allocated heap buffer can later be > overflowed with user supplied data. This can be leveraged by > attackers to execute remote code under the context of the user > running the browser. > -- Vendor Response: > Adobe has issued an update to correct this vulnerability. More > details can be found at: > http://www.adobe.com/support/security/bulletins/apsb10-20.html > -- Disclosure Timeline: > 2010-07-20 - Vulnerability reported to vendor > 2010-08-24 - Coordinated public release of advisory > -- Credit: > This vulnerability was discovered by: > * Anonymous > -- About the Zero Day Initiative (ZDI): > Established by TippingPoint, The Zero Day Initiative (ZDI) > represents a best-of-breed model for rewarding security researchers > for responsibly disclosing discovered vulnerabilities. > Researchers interested in getting paid for their security research > through the ZDI can find more information and sign-up at: > http://www.zerodayinitiative.com > The ZDI is unique in how the acquired vulnerability information is > used. TippingPoint does not re-sell the vulnerability details or any > exploit code. Instead, upon notifying the affected product vendor, > TippingPoint provides its customers with zero day protection through > its intrusion prevention technology. Explicit details regarding the > specifics of the vulnerability are not exposed to any parties until > an official vendor patch is publicly available. Furthermore, with > the altruistic aim of helping to secure a broader user base, > TippingPoint provides this vulnerability information confidentially > to security vendors (including competitors) who have a vulnerability > protection or mitigation product. > Our vulnerability disclosure policy is available online at: > http://www.zerodayinitiative.com/advisories/disclosure_policy/ > Follow the ZDI on Twitter: > http://twitter.com/thezdi > Edward E. Ziots > CISSP, Network +, Security + > Network Engineer > Lifespan Organization > Email:ezi...@lifespan.org > Cell:401-639-3505 > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
