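This vulnerability can lead to the execution of unauthorized code.
Writing a corresponding attack tool is estimated to take one week.
The vulnerability exists in Flash Player version 7.0.19.0 and earlier versions.
My Flash MX 2004 ships with version 7.0.19.0.
Microsoft has released a security advisory urging Flash Player users to install the new version of Flash Player as soon as possible.
Download: http://www.macromedia.com/go/getflash
The vulnerability details are as follows: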
The vulnerable code exists in Flash.ocx, which embodies the code responsible for playing back SWF files. One function maintains a large, 256-element table of function pointers on the stack, and uses a frame type identifier read from the SWF file as an index into the array, without enforcing the array boundaries. The following disassembly depicts the affected code:
.text:1002714F mov eax, [esi+0CA4h] ; type number
.text:10027155 mov ecx, [esi+94h] ; base of table
.text:1002715B lea eax, [ecx+eax*8] ; get element address
.text:1002715E mov ecx, [eax] ;
Although the index is not validated, its value is elsewhere restricted to be at most 0x8000, so the attacker can cause a function pointer to be retrieved from memory up to roughly 64KB after the base of the table on the stack. Typically this range will include heap memory, so by planting specific data on the heap, the attacker can very easily control the exact value of the function pointer. Reliable exploitation using this technique within Internet Explorer has been demonstrated by eEye Digital Security.
This is a mirrored post. Source: 北邮人论坛 (BYR Forum) / security / #41, synced 1 week ago
Posted by the Security bot
Critical vulnerability in Macromedia Flash Player
coolfantasy
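Added example, not part of the original post or the quoted advisory: the unchecked table lookup shown in the disassembly next to a bounds-checked version that rejects any file-supplied type outside the 256-entry table. All names are hypothetical, and the second struct field is an assumption made only to reproduce the 8-byte stride.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; only the 256-entry size and 8-byte stride come from the advisory. */
#define TABLE_ENTRIES 256u

typedef int (*frame_handler)(const uint8_t *data, size_t len);

struct handler_entry {
    frame_handler fn;
    uint32_t aux;   /* assumed second field; gives the 8-byte stride on 32-bit x86 */
};

static int handle_default(const uint8_t *data, size_t len) { (void)data; return (int)len; }

void init_table(struct handler_entry *t) {
    for (size_t i = 0; i < TABLE_ENTRIES; i++) { t[i].fn = handle_default; t[i].aux = 0; }
}

/* Pattern from the disassembly: the type read from the file is used as-is. */
frame_handler lookup_unchecked(const struct handler_entry *table, uint32_t type) {
    return table[type].fn;   /* reads past the table whenever type >= 256 */
}

/* Hardened lookup: the index is validated against the table size first. */
frame_handler lookup_checked(const struct handler_entry *table, uint32_t type) {
    if (type >= TABLE_ENTRIES) return NULL;
    return table[type].fn;
}

/* Returns the handler's result, or -1 when the type is rejected or has no handler. */
int dispatch_frame(const struct handler_entry *table, uint32_t type,
                   const uint8_t *data, size_t len) {
    frame_handler fn = lookup_checked(table, type);
    if (fn == NULL) return -1;
    return fn(data, len);
}

int main(void) {
    struct handler_entry table[TABLE_ENTRIES];
    init_table(table);
    uint32_t types[] = {0, 255, 256, 0x8000};   /* constructed sample type values */
    for (size_t i = 0; i < sizeof types / sizeof types[0]; i++)
        printf("type 0x%x -> %d\n", (unsigned)types[i], dispatch_frame(table, types[i], NULL, 4));
    return 0;
}
```

The upper limit of 0x8000 mentioned in the advisory does not help here: the check has to be against the table's own size, at the point where the index is used.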