Adobe Flash Player MP4 Sequence Parameter Set Processing
Added: 02/09/2012CVE: CVE-2011-2140
BID: 49083
OSVDB: 74439
Background
Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.Problem
The Adobe Flash Player Sub_1005B396 function allows command execution when a user opens a specially crafted .swf file. The specific vulnerability is triggered when processing data units in the MP4 Sequence Parameter Set.Resolution
Upgrade the installed version of Adobe Flash Player as described in Adobe Security Bulletin APSB11-21.References
http://www.adobe.com/support/security/bulletins/apsb11-21.htmlhttp://www.abysssec.com/blog/2012/01/31/exploiting-cve-2011-2140-another-flash-player-vulnerability/
Limitations
This exploit was tested against Adobe Systems Flash Player 10.3.181.34 on Microsoft Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).The target host must have JRE 1.6.x installed.
The user must open the exploit page using Internet Explorer 7, 8, or 9.
Platforms
WindowsBack to exploit index