Securityvulns: SECURITYVULNS:DOC:28933
History: Jan 05, 2013 - 12:00 a.m.

DoS vulnerability in Flash player (access violation)

Hello 3APA3A!

I want to warn you about a Denial of Service vulnerability in the Flash player plugin for browsers. I found this vulnerability in June (11.06.2011). At that time I wrote about this built-in DoS in the new version of Flash player as a "surprise" from Adobe (for owners of old browsers, because in new browsers it worked well).

When in December 2011 I had a conversation with Adobe concerning different vulnerabilities in their software, I reminded them about that built-in DoS in Flash. I stated that it was intentionally made by Adobe (to drop support of old browsers), but Adobe PSIRT declined the possibility of such a DoS. So I made videos for them (with normal work of the plugin and its crash in the browser) and after viewing the videos, PSIRT confirmed that Adobe really dropped support of old browsers. So it's intended behavior - to DoS a browser at every flash-file (it can even be a blank swf-file). In December 2012 I uploaded the video (with the crash) to YouTube.


Affected products:

Vulnerable are Flash 10.3 (and potentially 10.1 and 10.2) and later versions.

Tested in the following versions of the Flash plugin: Flash 10.0 r42 (works fine), Flash 10.3 r183 (crashes). Version 10.3 r183 can be seen in the video. Some time ago I also checked it in version 11.4 r402 and it works the same as in 10.3 r183.


Details:

DoS:

This is a Denial of Service vulnerability and it's a memory corruption (access violation).

Video:

http://www.youtube.com/watch?v=3W_5jb17Aus

The attack works in old versions of browsers (particularly on the Gecko engine). The browser with Flash 10.3 and later versions crashes (at direct view of an swf-file or a web page with an embedded flash-file). This happens due to Adobe stopping support of old versions of browsers (in NPAPI versions of Flash player).

Best wishes & regards,
MustLive
Administrator of the Websecurity web site
http://websecurity.com.ua