Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Shockwave Flash buffer overflow
From: "Krawetz, Neal" <nealk () VERINET COM>
Date: Fri, 5 Jan 2001 18:01:09 -0000

=====
Area of affect:
All SWF plugins on all platforms.
I have validated it with the Shockwave Flash 
plugins 
versions 2 through 8.

v 2-8..? Are you talking about the shockwave plugin 
for director, or the shcokwave flash plugin? the 
flash 
plugin goes from 2-5 as far as I know...

From what I can tell, Shockwave version 8 includes 
Flash version 5.
Technically, the problem appears to be in Flash.


=====
Root cause:
(Keep in mind -- I have not actually seen the 
source 
code for the
plugins --
I have only determined this from the symptoms.)

The source code for the player is available for free 
if 
you wish to have a look... 

http://www.macromedia.com/software/flash/open/lice
nsing/sourcecode/

Robin

Thanks, I'll definitely take a look.


As an aside...
I have had a few followups with Macromedia, including
a very productive phone conference.
On Monday or Tuesday I will post a summary 
message.
(Both Macromedia and myself are investigating a few
remaining technical points.)

But in general:  BugTraq works.  I am very impressed.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault