Flash exploit runs unverified bytecode

  • 16-04-2008 7:55am
    #1


    http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/
    Reliable Flash vulnerabilities are catastrophes. In 2008, we have lots of different browsers. We have different versions of the OS, and we have Mac users. But we’ve only got one Flash vendor, and everyone has Flash installed. Why do you care about Flash exploits? Because in the field, any one of them wins a commanding majority of browser installs for an attacker. It is the Cyberdyne Systems Model 101 of clientsides.

    From Mark Dowd's IBM white paper Introduction:
    The following case study describes a unique exploitation scenario using a recently disclosed Flash vulnerability that was reported to Adobe by IBM (advisory available at http://www.iss.net/threats/289.html). At first the vulnerability seemed to offer limited exploitation options, but further analysis uncovered an application-specific attack that results in reliable, consistent exploitation. Achieving the same exploitation with more conventional methods is unlikely. The technique presented leverages functionality provided by the ActionScript Virtual Machine – an integral part of Adobe Flash Player. Further, it will be shown that the vulnerability can be successfully exploited without leaving telltale signs, such as a browser crash following the attack.

    Although this document deals specifically with the Win32/Intel platform, similar attacks can most likely be carried out on the many other platforms Flash is available for. In particular, some of the methodology discussed might be useful for constructing a robust exploit on Unix platforms as well as several embedded platforms. Understanding the specific scenarios used to exploit memory corruption vulnerabilities will help improve protection strategies.

    The white paper itself goes into quite a bit of detail on what the exploit is (as you would expect), but Thomas Ptacek's article (linked above) gives a pretty good overview. It basically comes down to inconsistencies in ActionScript's two-pass bytecode verification allowing an attacker to embed or inject malicious bytecode.
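
The failure mode named in the thread title, bytecode that one pass never checked being run by the other, as an added example that is not from this thread, from Dowd's paper or from Ptacek's post. It is a toy stack VM with an invented instruction set (not AVM2) whose verifier believes the OP_PAD no-op is two bytes long while the interpreter treats it as one, so the attacker can hide a GETLOCAL inside what the verifier takes for padding. The opcode numbering, the NLOCALS sandbox limit, the 0x41414141 "secret" placed just past the sandboxed locals and the PAD_LEN_* constants are all assumptions of this example. The specific decoding disagreement is only one member of the verify/execute mismatch class; the real Flash bug is different and is described in the white paper.

```c
/* Toy stack VM whose verifier and interpreter disagree about the size of one
 * opcode. Constructed model of the verify/execute mismatch class; the ISA is
 * invented and is neither AVM2 nor the specific bug in Dowd's paper. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum {
    OP_PUSH = 1,     /* PUSH imm8    : push sign-extended byte                   */
    OP_ADD,          /* ADD          : pop b, pop a, push a + b                  */
    OP_GETLOCAL,     /* GETLOCAL idx : push frame[idx]                           */
    OP_SETLOCAL,     /* SETLOCAL idx : frame[idx] = pop                          */
    OP_RET,          /* RET (0x05)   : return pop                                */
    OP_PAD           /* PAD          : no-op; the two passes size it differently */
};

#define NLOCALS  4            /* slots the verifier lets bytecode touch (assumed)  */
#define FRAME_SZ 8            /* frame[NLOCALS..] stands in for memory outside the sandbox */
#define STACK_SZ 8
#define REJECTED INT32_MIN    /* run() result when the verifier says no           */
#define PAD_LEN_MISMATCHED 2  /* verifier: opcode + one "padding" byte (the bug)  */
#define PAD_LEN_CONSISTENT 1  /* verifier: the same size the interpreter uses     */

typedef struct { int32_t frame[FRAME_SZ]; int32_t stack[STACK_SZ]; int sp; } vm_t;

/* Pass 1: static check of stack depth and local indices. The toy ISA has no
 * branches, so code after the first RET is unreachable and checking stops
 * there. Returns 0 on accept, -1 on reject. */
static int verify(const uint8_t *code, size_t len, int pad_len)
{
    int depth = 0;
    for (size_t pc = 0; pc < len; ) {
        switch (code[pc]) {
        case OP_PUSH:     if (pc + 1 >= len || depth >= STACK_SZ) return -1;
                          depth++; pc += 2; break;
        case OP_ADD:      if (depth < 2) return -1;
                          depth--; pc += 1; break;
        case OP_GETLOCAL: if (pc + 1 >= len || code[pc + 1] >= NLOCALS || depth >= STACK_SZ) return -1;
                          depth++; pc += 2; break;
        case OP_SETLOCAL: if (pc + 1 >= len || code[pc + 1] >= NLOCALS || depth < 1) return -1;
                          depth--; pc += 2; break;
        case OP_RET:      return depth >= 1 ? 0 : -1;
        case OP_PAD:      pc += pad_len; break;   /* bytes "inside" PAD are never inspected */
        default:          return -1;              /* unknown opcode */
        }
    }
    return -1;                                    /* ran off the end without RET */
}

/* Pass 2: execution. It trusts pass 1 and does no bounds checks of its own,
 * which is exactly what makes a verifier/interpreter desync exploitable. */
static int32_t interp(const uint8_t *code, size_t len, vm_t *vm)
{
    vm->sp = 0;
    for (size_t pc = 0; pc < len; ) {
        switch (code[pc]) {
        case OP_PUSH:     vm->stack[vm->sp++] = (int8_t)code[pc + 1]; pc += 2; break;
        case OP_ADD:      vm->sp--; vm->stack[vm->sp - 1] += vm->stack[vm->sp]; pc += 1; break;
        case OP_GETLOCAL: vm->stack[vm->sp++] = vm->frame[code[pc + 1]]; pc += 2; break;
        case OP_SETLOCAL: vm->frame[code[pc + 1]] = vm->stack[--vm->sp]; pc += 2; break;
        case OP_RET:      return vm->stack[--vm->sp];
        case OP_PAD:      pc += 1; break;         /* interpreter: PAD is one byte */
        default:          return 0;               /* cannot happen for verified code */
        }
    }
    return 0;
}

/* Load-and-run: only bytecode that passed the verifier reaches the interpreter. */
static int32_t run(const uint8_t *code, size_t len, int pad_len)
{
    vm_t vm;
    memset(&vm, 0, sizeof vm);
    vm.frame[NLOCALS + 1] = 0x41414141;   /* constructed "secret" beyond the sandboxed locals */
    return verify(code, len, pad_len) == 0 ? interp(code, len, &vm) : REJECTED;
}

/* Constructed benign program: 2 + 3 -> local 0 -> return 5. */
static const uint8_t benign_prog[] = {
    OP_PUSH, 2, OP_PUSH, 3, OP_ADD, OP_SETLOCAL, 0, OP_GETLOCAL, 0, OP_RET
};

/* Constructed attacker program, bytes 01 00 06 03 05 05:
 *   verifier    (PAD = 2 bytes): PUSH 0 | PAD 03 | RET            -> accepted
 *   interpreter (PAD = 1 byte):  PUSH 0 | PAD | GETLOCAL 5 | RET  -> returns frame[5]
 * GETLOCAL hides in the byte the verifier takes for padding; its operand 0x05 is
 * an out-of-sandbox index to the interpreter but the mandatory RET to the
 * verifier, so the two decodings resynchronise and the stream is accepted. */
static const uint8_t attack_prog[] = { OP_PUSH, 0, OP_PAD, OP_GETLOCAL, 0x05, OP_RET };

int main(void)
{
    printf("benign, mismatched verifier : %d\n", run(benign_prog, sizeof benign_prog, PAD_LEN_MISMATCHED));
    printf("attack, mismatched verifier : 0x%x\n", (unsigned)run(attack_prog, sizeof attack_prog, PAD_LEN_MISMATCHED));
    printf("attack, consistent verifier : %s\n",
           run(attack_prog, sizeof attack_prog, PAD_LEN_CONSISTENT) == REJECTED ? "rejected" : "accepted");
    return 0;
}
```

With the mismatched verifier the attacker's stream passes verification and the interpreter returns the value sitting past the sandboxed locals; with a verifier that sizes OP_PAD the same way the interpreter does, the hidden GETLOCAL 5 is seen and rejected. The structural lesson is that both passes must decode instructions through one shared table or decoder, because an interpreter that skips its own bounds checks is only as safe as the exact byte stream the verifier looked at.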

