Adobe ShockWave Player (11.5.1.601) Remote DoS

vendor:

ShockWave Player

by:

Francis Provencher

7.8

CVSS

HIGH

Stack Overflow

119

CWE

Product Name: ShockWave Player

Affected Version From: 11.5.1.601

Affected Version To: 11.5.1.601

Patch Exists: YES

Related CWE: N/A

CPE: a:adobe:shockwave_player:11.5.1.601

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP Professional French SP2 and SP3

2009

Adobe ShockWave Player (11.5.1.601) Remote DoS

A stack overflow vulnerability exists in Adobe ShockWave Player (11.5.1.601) when processing a specially crafted Shockwave file. This can be exploited to cause a denial of service via a specially crafted Shockwave file.

Mitigation:

Upgrade to the latest version of Adobe ShockWave Player

Source

Exploit-DB raw data:

#####################################################################################

Application:  Adobe ShockWave Player (11.5.1.601)
            
Platforms:    Windows XP Professional French SP2 and SP3

crash:	      IE 6.0.2900.2180
	
Exploitation: remote DoS

Date:         2009-08-24

Author:       Francis Provencher (Protek Research Lab's)
             

#####################################################################################

1) Introduction
2) Technical details and bug
3) The Code

#####################################################################################

===============
1) Introduction
===============

Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player.
These people now have access to some of the best the Web has to offer - including dazzling 3D games and entertainment,
interactive product demonstrations, and online learning applications. Shockwave Player displays Web content that has been created by Adobe Director.

#####################################################################################

============================
2) Technical details 
============================

Name:	SwDir.dll
Ver.:	11.5.1.601
CLSID:	{233C1507-6A77-46A4-9443-F871F945D258}


(d40.b20): Stack overflow - code c00000fd 
eax=00305004 ebx=00000003 ecx=00032f80 edx=00400000 esi=09ae0024 edi=00400002
eip=69214965 esp=0012df78 ebp=0012df8c iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00010202



#####################################################################################

# milw0rm.com [2009-09-15]