Bugtraq mailing list archives

Re: Shockwave Flash buffer overflow

From: "Krawetz, Neal" <nealk () VERINET COM>
Date: Fri, 5 Jan 2001 18:01:09 -0000

=====
Area of affect:
All SWF plugins on all platforms.
I have validated it with the Shockwave Flash

plugins

versions 2 through 8.

v 2-8..? Are you talking about the shockwave plugin 
for director, or the shcokwave flash plugin? the

flash

plugin goes from 2-5 as far as I know...

From what I can tell, Shockwave version 8 includes

Flash version 5.
Technically, the problem appears to be in Flash.

=====
Root cause:
(Keep in mind -- I have not actually seen the

source

code for the
plugins --

I have only determined this from the symptoms.)


The source code for the player is available for free

if

you wish to have a look...

http://www.macromedia.com/software/flash/open/lice
nsing/sourcecode/


Robin


Thanks, I'll definitely take a look.


As an aside...
I have had a few followups with Macromedia, including
a very productive phone conference.
On Monday or Tuesday I will post a summary 
message.
(Both Macromedia and myself are investigating a few
remaining technical points.)

But in general:  BugTraq works.  I am very impressed.

Current thread:

Shockwave Flash buffer overflow Krawetz, Neal (Jan 02)
- <Possible follow-ups>
- Re: Shockwave Flash buffer overflow robin (Jan 03)
- Re: Shockwave Flash buffer overflow Krawetz, Neal (Jan 05)
- Re: Shockwave Flash buffer overflow Peter Santangeli (Jan 08)