Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Code Audit Labs (vulnhuntgmail.com)
Date: Tue May 11 2010 - 20:37:49 CDT
[CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size
infinite loop vulnerability
126.96.36.1992 ,188.8.131.526 and prior
CVE ID: CVE-2010-1282
CAL ID: CAL-20100204-1
Code Audit Labs http://www.vulnhunt.com has discovered a vulnerability
on vulnerable installations of Adobe's Shockwave Player. User
interaction is required in that a user must visit a malicious web site.
The specific flaw exists when the Shockwave player attempts to load a
specially crafted Adobe Director File.
Exploitation can lead to remote system high cpu load ( infinite loop).
2010-2-6 report to vendor
2010-2-7 vendor ask poc file
2010-2-7 we sent the poc file.
2010-2-8 vendor comfirm the issue.
2010-5-11 Coordinated public release of advisory.
About Code Audit Labs:
Code Audit Labs is department of VulnHunt company which provide a
professional security testing products / services / security consulting
and training ,we sincerely hope we can help your procudes to improve code
quality and safety.
WebSite http://www.VulnHunt.com ( online soon)
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/