Adobe Flash Player MP4 Copyright Statement Overflow

Added: 03/08/2012
CVE: CVE-2012-0754
BID: 52034
OSVDB: 79300


Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.


Flash Player version prior to do not properly validate the Copyright statement key (CPRT) in the tag information section of MP4 files. This may result in a heap overflow. An attacker may exploit this vulnerability by hosting a Flash applet on a website that loads a specially formatted MP4 file.


Update to Flash Player or newer.



This exploit has been tested against Adobe Flash Player on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Windows 7 targets must have JRE 6 installed.

The user must open the exploit page using Firefox 11 (XP only), or Internet Explorer 7, 8, or 9.

This exploit uses a heap spray which depends on some conditions that may not always be met. Reliability of the exploit may vary depending on these conditions.



Back to exploit index