(Pwn2Own) Adobe Flash Player NetStream addBytes Remote Code Execution Vulnerability
ZDI-12-057: April 9th, 2012
TippingPoint™ IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 12183. For further product information on the TippingPoint IPS:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player.
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists in the way Flash Player handles the update of a NetStream object via the appendBytes method, which can lead to a use-after-free condition when the function returns. This can result in remote code execution in the context of the current process.
Vendor Response
Adobe states:
2012-03-12 - Vulnerability reported to vendor
2012-04-09 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:
VUPEN Vulnerability Research Team http://www.vupen.com