New flash zero-day vulnerability

BoerenkoolMetWorst · Dec 7, 2011

Immunity has developed an exploit which uses 2 holes in Adobe Flash and bypassed DEP and ASLR.

https://secure.security.nl/artikel/39461/1/Zero-day_lek_in_Adobe_Flash_Player_onthuld.html

https://lists.immunityinc.com/pipermail/dailydave/2011-December/000402.html

siljaline · Dec 7, 2011

Topic exists Suggest thread merge.

Hungry Man · Dec 7, 2011

Siljaline - two different things. The topic you linked is an Acrobat exploit.

Hungry Man · Dec 7, 2011

According to that site it should bypass the Chrome and IE9 sandboxes.

siljaline · Dec 7, 2011

Apologies for the oversight, @ Hungry Man

Carry on

Hungry Man · Dec 7, 2011

Easy mistake.

I'm curious to see if this actually breaks the sandbox. I'm also wondering if it effects PPAPI.

siljaline · Dec 7, 2011

Yup, none of us are perfect. As to the topic, Rich will likely come around and have a look under the hood. Or you could send a PM.

Regards,

Hungry Man said:

Easy mistake.

I'm curious to see if this actually breaks the sandbox. I'm also wondering if it effects PPAPI.
Click to expand...

Hungry Man · Dec 7, 2011

Yeah I'm watching the video right now - didn't have a chance before.

IT's been tested on IE8, IE7, multiple OS's (XP, 7, OSX) and I havne't gotten to the Chrome part yet.

CloneRanger · Dec 7, 2011

I tried to find the Actual exploit on there to DL & test, but couldn't find it ! Anyone know where it is Exactly ?

TIA

Hungry Man · Dec 7, 2011

IT's through an exploit page, which I guess he hosts on his Linux VM and then connects to through IP on his Windows 7 VM.

IDK if it's available.

He also didn't show Chrome in the video - not that I doubt it. I just want to know if it was the PPAPI or not - probably not.

CloneRanger · Dec 7, 2011

@ Hungry Man

Ahh so it's just a local exploit test ! OK thanks.

It sounded/read like it was available. If an exploit test www page were made available, then more of us could test it on different OS's browsers & configs etc Wonder why it isn't, as it would help all round ?

Also on here https://lists.immunityinc.com/pipermail/dailydave/2011-December/000402.html is this

Recently we've released Flash 0day exploit with Vulndisco SA
(http://intevydis.com/sa.shtml)
Click to expand...

But there's no mention of it that i can see ?

Hungry Man · Dec 7, 2011

Perhaps they just haven't published it yet.

It wasn't a local exploit though - it was remote.

In the video he has 1 VM to host it and then he opens his browser in the 2nd VM and goes to the exploit page (hosted by VM1 ) or... something.

Dude111 · Dec 9, 2011

Do they have a POC for this? (Im DLing the vid now)

siljaline · Dec 9, 2011

From H-online

The current version of Adobe Flash Player, 11.1.102.55, supposedly includes a critical security vulnerability that can be used by criminals to inject malicious code into a system, according to security software firm Intevydis. The company has even put out a ten-minute video demonstrating an exploit it is offering for its commercial attack framework VulnDisco. So far, Intevydis is keeping quiet about details of the vulnerability. Only paying customers can use the exploit to look for the weak point in their system.

In the video, the company is able to use the White Phosphorous exploit pack to escape Internet Explorer's sandbox. Apparently, the exploit takes advantage of two security vulnerabilities at once to bypass data execution prevention (DEP) and address space layout randomisation (ASLR). The company says that the exploit works on Windows XP and Windows 7 with Internet Explorer, Firefox, and Google Chrome, although it is not yet certain whether it really manages to escape Chrome’s sandbox. A version for Mac OS X is on its way. Adobe has not yet commented on the vulnerability.
Click to expand...

More

Log in or Sign up

New flash zero-day vulnerability

BoerenkoolMetWorst Registered Member

siljaline Registered Member

Hungry Man Registered Member

Hungry Man Registered Member

siljaline Registered Member

Hungry Man Registered Member

siljaline Registered Member

Hungry Man Registered Member

CloneRanger Registered Member

Hungry Man Registered Member

CloneRanger Registered Member

Hungry Man Registered Member

Dude111 Registered Member

siljaline Registered Member

Log in or Sign up

New flash zero-day vulnerability

BoerenkoolMetWorst Registered Member

siljaline Registered Member

Hungry Man Registered Member

Hungry Man Registered Member

siljaline Registered Member

Hungry Man Registered Member

siljaline Registered Member

Hungry Man Registered Member

CloneRanger Registered Member

Hungry Man Registered Member

CloneRanger Registered Member

Hungry Man Registered Member

Dude111 Registered Member

siljaline Registered Member

Useful Searches