http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html
http://www.adobe.com/support/security/advisories/apsa11-02.html
Filename: Disentangling Industrial Policy and Competition Policy.doc
Size: 176,144 bytes
My analysis of Disentangling Industrial Policy and Competition Policy.doc
File created 04-Apr-2011 9:50, by user 7, company hust.
No vulnerability in MS Office is involved; the vulnerability is exercised through the embedded SWF, as described below.
Embedded SWF file (local name d:\513.swf)
Size: 10,421 bytes
The decoded ActionScript is a heap spray: it allocates memory with a NOP slide of 0x11111111, then loads the second SWF file.
Second SWF
Size: 1,484 bytes
SWFTools>swfdump.exe -D 1.swf
[HEADER] File version: 10
[HEADER] File size: 1484
[HEADER] Frame rate: 24.000000
[HEADER] Frame count: 1
[HEADER] Movie width: 550.00
[HEADER] Movie height: 400.00
[045] 4 FILEATTRIBUTES
[00c] 1447 DOACTION
GetU8() out of bounds: TagID = 12
flasm16win>flasm.exe -d 1.swf
movie '1.swf' // flash 10, total frames: 1, frame rate: 24 fps, 550x400 px
frame 0
00000000 push FALSE, 326943637, 326943739
0000000F oldEquals
00000010 not
00000011 branchIfTrue label2 // offset 1100
00000016 branchIfTrue label1 // offset 24
0000001B constants 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I'
Declared constant pool length 21 differs from calculated length 20
Disassembly may be incomplete: wrong action length encountered
end // of frame 0
end
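Both tools above trip over the DOACTION tag: swfdump reports an out-of-bounds read and flasm a constant pool whose declared length differs from the calculated one. The following added example (not code from the original post) is a small static check for that class of inconsistency in AVM1 action streams; the function names and the sample bytes are constructed for illustration, and the sample is not the file analysed here.

```python
import zlib

def u16(buf, i):
    return int.from_bytes(buf[i:i + 2], "little")

def walk_tags(swf):
    """Yield (tag_code, body) for each tag of an FWS or CWS file."""
    if swf[:3] == b"CWS":                      # zlib-compressed after the 8-byte header
        swf = b"FWS" + swf[3:8] + zlib.decompress(swf[8:])
    if swf[:3] != b"FWS":
        raise ValueError("not an SWF file")
    nbits = swf[8] >> 3                        # RECT: 5-bit field width, then 4 fields
    pos = 8 + (5 + 4 * nbits + 7) // 8 + 4     # skip RECT, frame rate, frame count
    while pos + 2 <= len(swf):
        hdr, pos = u16(swf, pos), pos + 2
        code, length = hdr >> 6, hdr & 0x3F
        if length == 0x3F:                     # long header: u32 length follows
            length, pos = int.from_bytes(swf[pos:pos + 4], "little"), pos + 4
        yield code, swf[pos:pos + length]
        pos += length

def check_actions(body):
    """Return anomalies found in one DoAction (tag 12) action stream."""
    findings, pos = [], 0
    while pos < len(body) and body[pos] != 0:  # 0x00 is ActionEnd
        op, pos = body[pos], pos + 1
        if op < 0x80:                          # opcodes below 0x80 carry no payload
            continue
        declared, pos = u16(body, pos), pos + 2
        if pos + declared > len(body):
            findings.append(f"action 0x{op:02x}: length {declared} runs past end of tag")
            break
        if op == 0x88:                         # ActionConstantPool: u16 count + C strings
            end = pos + 2
            for _ in range(u16(body, pos)):
                nul = body.find(b"\0", end)
                end = len(body) if nul < 0 else nul + 1
            if end - pos != declared:
                findings.append(f"constant pool: declared length {declared}, calculated {end - pos}")
        pos += declared
    return findings

def scan(swf):
    return [f for code, body in walk_tags(swf) if code == 12 for f in check_actions(body)]

# Constructed sample, not the file from the post: 9 one-byte constants, length declared as 21.
POOL = b"\x88\x15\x00\x09\x00" + b"".join(bytes([c, 0]) for c in b"ABCDEFGHI") + b"\x00\x00"
HEAD = b"FWS\x0a\x30\x00\x00\x00" + b"\x00\x00\x18\x01\x00"   # 0x0 stage, 24 fps, 1 frame
SAMPLE = HEAD + b"\x44\x11" + b"\x00" * 4 + b"\x19\x03" + POOL + b"\x00\x00"
```

Calling `scan(SAMPLE)` returns the constant-pool mismatch; a non-empty result on an SWF carved from a document is a reason to look closer, not a verdict on its own.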
The crash occurs in the Adobe Flash Player plugin.
In my test: NPSWF32.dll (10.2.153.1)
Crash at location 100cfc03
This is possibly related to the tweet:
call [0x11111110+0x08]
To be continued ...
Wow! That's complicated! I'm getting a headache just looking at a couple lines of code. You're really good at coding it seems, so keep up the good work! What is Adobe? Thanks!
I am trying this code, but sorry, it didn't work. Can you give me a solution for this? Thanks for it.
Hi,
Can you give me a solution for this? I loved all of these posts. A lot of these things we have, but I got some really great ideas.
This is my first time to go to here. I found a lot of appealing stuff in your blog.
Thanks VILLY! I tried it and got some error. Please please help me... I really need it. I have to embed Adobe Flash in my doc very urgently. I will be very grateful to you.
It's a nice post about security, thanks for providing such useful information. Actually there should be proper counselling about the Security Course, it provides better security tricks along with to brighten someone's career.....
This is a very nice and informative post regarding security. The C Company provides Security Industry Authority (SIA) registered training courses in Security Operations. This 4-day SIA Licence course has been designed to meet not only the suggested requirements of today's Security Officer, but those of the future and therefore, we believe goes a step further than those of our competitive associates.
Your blogs are totally worth giving time and energy. vivint security
Thanks for sharing this useful info. Keep updating same way for Adobe day CQ5.
Regards, Siddu Corporate Training
It's something that looks like machine code. I have learnt about that. It's really hard to understand, and writing code too.
Security is one of the best things, which always gives you a sense of ultra security and protection against internal as well as external factors.