Home
Latest images
Search
Register
Log inAdobe Flash Player Invalid Loader Object Reference Vulnerability
Page 1 of 1
Adobe Flash Player Invalid Loader Object Reference Vulnerability
andry Thu Oct 28, 2010 1:00 am
Remote exploitation of an invalid Loader object reference vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user.
During the processing of a Shockwave Flash file, an object can be created, along with multiple references that point to the object. The object can be destroyed and its associated references removed. However a reference can incorrectly remain pointing to the object. The invalid object resides in uninitialized memory, which the attacker may control to gain arbitrary execution control.
Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user viewing the web page. To exploit this vulnerability, a targeted user must load a malicious Shockware Flash file created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into a compromised, trusted site.
iDefense has confirmed the existence of this vulnerability in latest Flash Player version 9.0.124.0. Previous versions may also be affected.
During the processing of a Shockwave Flash file, an object can be created, along with multiple references that point to the object. The object can be destroyed and its associated references removed. However a reference can incorrectly remain pointing to the object. The invalid object resides in uninitialized memory, which the attacker may control to gain arbitrary execution control.
Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user viewing the web page. To exploit this vulnerability, a targeted user must load a malicious Shockware Flash file created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into a compromised, trusted site.
iDefense has confirmed the existence of this vulnerability in latest Flash Player version 9.0.124.0. Previous versions may also be affected.
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics» Another 0day exploit in Adobe Flash player
» Adobe Flash Player and AIR AVM2 intf_count Integer Overflow Remote Code Execution
» Two 0-Day Highly Critical Adobe Reader Vulnerabilities Disclosed
» Customize Windows Media Player Title Bar
» Vulnerability to Firebook
» Adobe Flash Player and AIR AVM2 intf_count Integer Overflow Remote Code Execution
» Two 0-Day Highly Critical Adobe Reader Vulnerabilities Disclosed
» Customize Windows Media Player Title Bar
» Vulnerability to Firebook
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum