Title : Adobe Shockwave player rcsL chunk memory corruption

Class - Memory corruption allowing command execution

Contact : shahin, info

Version : Adobe Shockwave player 11.5.8.612 (latest at the time of writing)

Impact - Successfully exploiting this issue allows remote attackers to execute arbitrary code or cause denial-of-service conditions.

Shockwave player is a plug-in for loading Adobe Director video files into the browser. Director movies use the DIR format or the compressed DCR format. The DIR file format is based on RIFF. RIFF formats start with a 4-byte RIFX identifier and the length of the file. The chunks then follow, each in the format 4-byte chunk identifier + size of chunk + data.

With the help of our simple fuzzer we manipulated a Director movie file and found a vulnerability in part of an existing rcsL chunk. Some of the chunk identifiers are tSAC, pami, rcsL. There is a 4-byte value in the undocumented rcsL chunk in our sample Director movie, and it may be possible to find similar rcsL chunks in other Director samples. This 4-byte value can be manipulated to reach the vulnerable part of function 68122990.

In the above function we have direct control over the second argument of the function.
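The container layout described above (RIFX identifier, file length, then identifier + size + data chunks) can be checked before a file is handed to a parser. The following is an added example, not code from the advisory or from Adobe: a chunk walker that compares every declared size with the bytes actually present and lists chunks such as rcsL for inspection. The big-endian default, the 4-byte form type after the header, the even-length padding and the TEST placeholder are assumptions, and both sample files are constructed.

```python
import struct

def walk_chunks(data, endian=">"):
    """Walk a RIFX-style container; return (chunks, problems).

    chunks   -- (identifier, offset, size) for each chunk that fits the file
    problems -- descriptions of length fields that disagree with the file
    """
    chunks, problems = [], []
    if len(data) < 12:
        return chunks, ["shorter than the 12-byte header"]
    if data[:4] != b"RIFX":
        problems.append("unexpected magic %r" % data[:4])
    (declared,) = struct.unpack(endian + "I", data[4:8])
    if declared + 8 != len(data):  # assumption: length excludes the 8-byte header
        problems.append("header says %d bytes, file has %d" % (declared + 8, len(data)))
    end = min(len(data), declared + 8)
    pos = 12  # assumption: a 4-byte form type follows the length, as in RIFF
    while pos + 8 <= end:
        ident = data[pos:pos + 4].decode("latin-1")
        (size,) = struct.unpack(endian + "I", data[pos + 4:pos + 8])
        room = end - (pos + 8)
        if size > room:
            problems.append("%s at %d declares %d bytes, %d remain" % (ident, pos, size, room))
            break  # offsets after a bad size cannot be trusted
        chunks.append((ident, pos, size))
        pos += 8 + size + (size & 1)  # assumption: chunks are padded to even length
    return chunks, problems

def make_chunk(ident, payload, declared=None):
    """Build one big-endian chunk; `declared` overrides the real payload size."""
    size = len(payload) if declared is None else declared
    return ident + struct.pack(">I", size) + payload + b"\x00" * (len(payload) & 1)

def make_file(*chunks):
    """Wrap constructed chunks in a RIFX header with placeholder form type TEST."""
    body = b"TEST" + b"".join(chunks)
    return b"RIFX" + struct.pack(">I", len(body)) + body

# Constructed samples: one consistent file, one whose rcsL size overruns the file.
GOOD = make_file(make_chunk(b"pami", b"\x00" * 8), make_chunk(b"rcsL", b"\x00" * 5))
BAD = make_file(make_chunk(b"pami", b"\x00" * 8),
                make_chunk(b"rcsL", b"\x00" * 4, declared=0x1000))

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("bad", BAD)):
        print(name, *walk_chunks(blob), sep="\n  ")
```

The walker only validates chunk framing; values inside a chunk's data, such as the 4-byte field in rcsL discussed above, still need their own range checks in whatever code consumes them.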