Adobe Flash Player SWF Content Regular Expression Heap Overflow
Added: 02/21/2013CVE: CVE-2013-0634
BID: 57788
OSVDB: 89936
Background
Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.Problem
The ActiveX version of Adobe Flash Player on Windows is vulnerable to heap buffer overflow because it does not properly validate user-supplied input when handling regular expressions in Flash (SWF) content. A remote attacker who persuades a user to open a specially crafted Microsoft Word Document containing SWF content could possibly execute arbitrary code in the context of the user.Resolution
Upgrade to Adobe Flash Player 10.3.183.51 (in the 10.x range) or 11.5.502.149 or higher on Windows systems.References
http://www.adobe.com/support/security/bulletins/apsb13-04.htmlLimitations
This exploit was tested against Adobe Flash Player 11.5.502.146 on Windows XP SP3 English (with DEP OptIn) and Windows 7 SP1 (with DEP OptIn).The user must open the exploit file in Internet Explorer 8 or 9 on the target.
Platforms
WindowsBack to exploit index