Adobe Shockwave Player多个整数溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1180613 漏洞类型 数字错误
发布时间 2010-01-19 更新时间 2010-01-20
CVE编号 CVE-2009-4003 CNNVD-ID CNNVD-201001-214
漏洞平台 N/A CVSS评分 9.3
|漏洞来源
https://www.securityfocus.com/bid/37872
https://cxsecurity.com/issue/WLB-2010010185
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201001-214
|漏洞详情
AdobeShockwavePlayer11.5.6.606之前的版本中存在多个整数溢出,远程攻击者可以借助(1)一个Shockwave文件中的未明阻碍类型,导致一个堆缓冲溢出执行任意代码;远程攻击者还可能借助(2)一个Shockwave文件中的一个未明3D阻碍,导致内存损坏;或(3)一个Shockwave文件中的一个人工3D模型,导致堆存储损坏,执行任意代码。
|漏洞EXP
======================================================================

Secunia Research 20/01/2010

- Adobe Shockwave Player 3D Model Two Integer Overflows -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software

* Adobe Shockwave Player 11.5.2.602

NOTE: Other versions may also be affected.

====================================================================== 
2) Severity

Rating: Highly critical
Impact: System access
Where:  From remote

====================================================================== 
3) Vendor's Description of Software

"Over 450 million Internet-enabled desktops have installed Adobe 
Shockwave Player. These people now have access to some of the best the
Web has to offer - including dazzling 3D games and entertainment, 
interactive product demonstrations, and online learning applications."

Product Link:
http://www.adobe.com/products/shockwaveplayer/

====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered two vulnerabilities in Adobe Shockwave 
Player, which can be exploited by malicious people to compromise a 
user's system.

The vulnerabilities are caused by two integer overflow errors when
processing Shockwave 3D models. These can be exploited to corrupt 
heap memory via specially crafted Shockwave files.

Successful exploitation may allow execution of arbitrary code.

====================================================================== 
5) Solution

Update to version 11.5.6.606 or later.

====================================================================== 
6) Time Table

23/12/2009 - Vendor notified.
24/12/2009 - Vendor response.
16/01/2010 - Vendor provides status update.
20/01/2010 - Public disclosure.

====================================================================== 
7) Credits

Discovered by Alin Rad Pop, Secunia Research.

====================================================================== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
CVE-2009-4003 for the vulnerabilities.

====================================================================== 
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

====================================================================== 
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2009-62/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

|受影响的产品
Adobe Shockwave Player 11.5.2 .602 Adobe Shockwave Player 11.5.1 .601 Adobe Shockwave Player 11.5 .601 Adobe Shockwave Player 11.5 .600 Adobe Shockwave Player 11.5 .596 A
|参考资料

来源:www.adobe.com
链接:http://www.adobe.com/support/security/bulletins/apsb10-03.html
来源:XF
名称:shockwave-shockwave-bo(55759)
链接:http://xforce.iss.net/xforce/xfdb/55759
来源:VUPEN
名称:ADV-2010-0171
链接:http://www.vupen.com/english/advisories/2010/0171
来源:BID
名称:37872
链接:http://www.securityfocus.com/bid/37872
来源:BUGTRAQ
名称:20100120SecuniaResearch:AdobeShockwavePlayer3DModelTwoIntegerOverflows
链接:http://www.securityfocus.com/archive/1/archive/1/509058/100/0/threaded
来源:BUGTRAQ
名称:20100120SecuniaResearch:AdobeShockwavePlayerFourIntegerOverflowVulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/509055/100/0/threaded
来源:BUGTRAQ
名称:20100120SecuniaResearch:AdobeShockwavePlayerIntegerOverflowVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/509053/100/0/threaded
来源:SECTRACK
名称:1023481
链接:http://securitytracker.com/id?1023481
来源:MISC
链接:http://secunia.com/secunia_research/2010-1/
来源:MISC
链接:http://secunia.com/secunia_research/2009-63/
来源:MISC
链接:http://secunia.com/secun