Author: LOM <lom at lom.spb.ru>
Product: Macromedia Flash ActiveX 6.0 (6,0,47,0)
Vendor: Macromedia was not contacted
Risk: High
Remote: Yes
Exploitable: Yes
Intro:
The Macromedia Flash ActiveX plugin displays .swf files under Internet
Explorer.
Vulnerabilities:
A few vulnerabilities were identified: protected memory reading, memory
consumption DoS and more serious:
Details:
The last bug is very close to the one reported by eEye in May [2]. This
kind of overflow (heap-based Unicode overflow) is definitely exploitable
under Internet Explorer. The attached proof of concept (by LOM) [1]
demonstrates an exception triggered in free(). See [3] for exploiting
heap overflows and [4] for exploiting Unicode overflows under Internet
Explorer.
Credits:
Vulnerabilities were discovered by LOM <lom at lom.spb.ru>
References: