Re: [Full-disclosure] DoS vulnerability in Adobe Flash Player (BSOD)
Do you have any plans to release more details regarding this denial of service vulnerability? BSOD crashdump, may be? On 2013-12-30 19:11, MustLive wrote: Hello list! At beginning of this year I informed you about DoS vulnerability in Adobe Flash. Look at advisory (http://seclists.org/fulldisclosure/2013/Apr/9) with exploit and video demonstration (http://www.youtube.com/watch?v=xi29KZ3LD80) of previous DoS in Flash. Adobe hiddenly fixed it in the patch APSB13-05 and answered that a fix to another hole accidentally fixed this hole. And here is a new DoS. Which can be new hole or can be related to old one (if Adobe has resurrected old DoS hole in new versions of Flash). This is Denial of Service vulnerability in Adobe Flash, which leaded to BSOD. Last week I informed Adobe and Mozilla (since attack works only in Mozilla browsers). - Affected products: - Attack works only on AMD/ATI video cards. I checked it on multiple computers with Windows XP, Windows 7 and Ubuntu Linux 13.04. Vulnerable Adobe Flash 11.9.900.152 and 11.9.900.170 (the last version) for Windows and Flash 11.2.202.332 for Linux (the last version for this OS). On Linux there is 100% CPU consumption and on Windows (XP and 7) there is crash of the OS. -- Details: -- Denial of Service (WASC-10): This is Denial of Service vulnerability, which leads to crash of Operating System (tested on Windows XP and 7). As previous DoS hole, this one also works only with AMD/ATI video cards (and it works on different OS unlike previous DoS in Flash). Also it works potentially in any flash media player in Internet - at any web sites, including YouTube (it doesn't require swf file of VideoJS, as previous hole). This is memory corruption (access violation) vulnerability. Which can be used for BSOD and potentially for remote code execution. Here is video, which demonstrates this vulnerability in Flash: http://www.youtube.com/watch?v=-YgbPCq-dH0 In the video there is web site with JW Player (but freezing and/or crashing of the OS happens in any flash video players). Attack is going on a browser Firefox (on Windows XP freezing or BSOD can be from the first or not from the first time, 100% CPU consumption on Linux works all the time). In Mozilla Firefox 3.0.19, 10.0.7 ESR, 15.0.1 and 26 - freezing of the browser and BSOD of the OS. I have disclosed it at my site (http://websecurity.com.ua/6939/). Best wishes regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- sixtyvividta...@yandex.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] DoS vulnerability in Adobe Flash Player (BSOD)
Hello list! At beginning of this year I informed you about DoS vulnerability in Adobe Flash. Look at advisory (http://seclists.org/fulldisclosure/2013/Apr/9) with exploit and video demonstration (http://www.youtube.com/watch?v=xi29KZ3LD80) of previous DoS in Flash. Adobe hiddenly fixed it in the patch APSB13-05 and answered that a fix to another hole accidentally fixed this hole. And here is a new DoS. Which can be new hole or can be related to old one (if Adobe has resurrected old DoS hole in new versions of Flash). This is Denial of Service vulnerability in Adobe Flash, which leaded to BSOD. Last week I informed Adobe and Mozilla (since attack works only in Mozilla browsers). - Affected products: - Attack works only on AMD/ATI video cards. I checked it on multiple computers with Windows XP, Windows 7 and Ubuntu Linux 13.04. Vulnerable Adobe Flash 11.9.900.152 and 11.9.900.170 (the last version) for Windows and Flash 11.2.202.332 for Linux (the last version for this OS). On Linux there is 100% CPU consumption and on Windows (XP and 7) there is crash of the OS. -- Details: -- Denial of Service (WASC-10): This is Denial of Service vulnerability, which leads to crash of Operating System (tested on Windows XP and 7). As previous DoS hole, this one also works only with AMD/ATI video cards (and it works on different OS unlike previous DoS in Flash). Also it works potentially in any flash media player in Internet - at any web sites, including YouTube (it doesn't require swf file of VideoJS, as previous hole). This is memory corruption (access violation) vulnerability. Which can be used for BSOD and potentially for remote code execution. Here is video, which demonstrates this vulnerability in Flash: http://www.youtube.com/watch?v=-YgbPCq-dH0 In the video there is web site with JW Player (but freezing and/or crashing of the OS happens in any flash video players). Attack is going on a browser Firefox (on Windows XP freezing or BSOD can be from the first or not from the first time, 100% CPU consumption on Linux works all the time). In Mozilla Firefox 3.0.19, 10.0.7 ESR, 15.0.1 and 26 - freezing of the browser and BSOD of the OS. I have disclosed it at my site (http://websecurity.com.ua/6939/). Best wishes regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] DoS vulnerability in Adobe Flash Player (BSOD)
Hello list! I want to warn you about Denial of Service vulnerability (BSOD) in Adobe Flash Player. I've found this vulnerability at 27.01.2013. - Affected products: - Vulnerable version is Adode Flash 11.5.502.146. Attack works only on AMD/ATI video cards. Adobe have fixed it at 12.02.2013 in their patch APSB13-05 (https://www.adobe.com/support/security/bulletins/apsb13-05.html), which fixed multiple vulnerabilities in flash player. At that Adobe did it hiddenly without mentioned about this vulnerability and without referencing on me. After my informing in the end of January, they was checking it during 1,5 months and said, that they can't reproduce this vulnerability (at that I've reproduced it on multiple computers with ATI video cards), that they don't know anything (the hole was accidentally fixed in APSB13-05) and this DoS doesn't related to them. -- Details: -- Denial of Service (WASC-10): This is Denial of Service vulnerability, which leads to crash of Operating System (tested on Windows XP and 7). Here is video, which demonstrates this vulnerability in Flash: http://www.youtube.com/watch?v=xi29KZ3LD80 This is memory corruption (access violation) vulnerability. Which can be used for BSOD and potentially for remote code execution. For attack the flash-file is used VideoJS Flash Component from Zencoder. I've informed developers of this video player already in beginning of February. Attack works in browsers Firefox and Opera (at that BSOD works only in Firefox): In Mozilla Firefox 15.0.1 and 18.0.1 - freezing of the browser (which can't be closed) and BSOD of the system. In Mozilla Firefox 3.0.19 and 10.0.7 ESR - no problems (all is working normally). In Opera 10.62 - freezing of the browser (which can be closed). PoC/Exploit: http://websecurity.com.ua/uploads/2013/Adobe%20Flash%20DoS%20BSOD.rar To start the exploit it's needed to placed it on web server (e.g. on localhost), put any mp4-file under name poc.mp4 near poc.htm and start htm-file (at web server). And then click on speaker image or on area of video player. Timeline: 2013.01.27 - found vulnerability. 2013.01.28 - recorded video PoC. And in the night have informed developers. 2013.02.01 - again informed developers, because they didn't answer. After that Adobe answered on the first letter. 2013.02.08 - informed developers of VideoJS. 2013.02.12 - Adobe fixed vulnerability and released patch, but still investigating. 2013.02-03 - during February-March, while Adobe was investigating this vulnerability, I've sent them information about different tested computers where hole was working (on ATI cards) and was not working (on nVidia cards). And sent them all information they needed. 2013.03.02 - announced at my site. 2013.03.13 - Adobe finished investigation. 2013.04.03 - disclosed at my site (http://websecurity.com.ua/6364/). Best wishes regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] DoS vulnerability in Adobe Flash Player (BSOD)
On Thu, Apr 04, 2013 at 01:24:29AM +0300, MustLive wrote: Hello list! I want to warn you about Denial of Service vulnerability (BSOD) in Adobe Flash Player. I've found this vulnerability at 27.01.2013. - Affected products: - Vulnerable version is Adode Flash 11.5.502.146. Attack works only on AMD/ATI video cards. Adobe have fixed it at 12.02.2013 in their patch APSB13-05 (https://www.adobe.com/support/security/bulletins/apsb13-05.html), which fixed multiple vulnerabilities in flash player. At that Adobe did it hiddenly without mentioned about this vulnerability and without referencing on me. After my informing in the end of January, they was checking it during 1,5 months and said, that they can't reproduce this vulnerability (at that I've reproduced it on multiple computers with ATI video cards), that they don't know anything (the hole was accidentally fixed in APSB13-05) and this DoS doesn't related to them. Sorry, but how can this be a vuln in *Flash*, a *user-space* component, if it can be used to cause a BSOD, which, as far as I know, means that something bad happened *in the Kernel*? Sounds to me as if Flash is not the (or at least not the only) culprit... signature.asc Description: Digital signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/