ush.it - a beautiful place

Flash Player/Plugin Video file parsing Remote Code Execution

July 13, 2007 at 5:28 pm - Filed under Insecurity, Language EN - 216 words, reading time ~0 minutes - Permalink - Comments

Stefano Di Paola with contribution from Giorgio Fedon (both from a brand new security research company, MindedSecurity) and Elia Florio have just released the details about a Remote Code Execution flaw in Flash Plugin 9 independent from the OS. Parsing a flv with adobe flash player it's possible to trigger an exploitable integer overflow.

By using a specially crafted "flv" video it's possible to trigger an integer overflow inside Adobe Flash interpreter which could lead to client/browser-plugin crash, arbitrary code execution or system
denial of service. All OS (Windows, Linux, MacOs,...) seem to be affected.

This is a very dangerous vulnerability, in fact, an attacker could force a flash video player that is already in place on a remote web site to crash and execute arbitrary code in the context of the local machine.

Probably this will be one of the highest-impact vulnerabilities of 2007. Well done Stefano! But after UXSS we couldn't expect less ^_^

Read the original advisory on Flash Player/Plugin Video file parsing Remote Code Execution.

Reed's Alert! Got something burning? Tell USH team.
THP USH Wisec DigitalBullets