mailing list archives
Re: Shockwave Flash buffer overflow
From: Peter Santangeli <psantangeli () MACROMEDIA COM>
Date: Fri, 5 Jan 2001 15:03:06 -0800
As was posted earlier to BUGTRAQ, an issue has been discovered with the
Macromedia Flash Player that shows a possible buffer overflow error when the
player encounters a maliciously or incorrectly created SWF file. After an
investigation, and consultation with the reporting engineer, Macromedia has
determined the following:
- The data being accessed is located entirely in a dynamically allocated
structure in the heap space of the application.
- The data access is limited to reading the information. At no time is the
buffer in question ever written to. Neither the heap, nor the stack is
written to during this processing, and at no time does this lead to the
execution of arbitrary data as native instructions.
Given the above information, it is Macromedia's belief that the error in
question, though unfortunate, does not constitute a significant security
risk. The effects of this defect are limited to the crashing of the users
client (denial of service).
On a personal note, I regret that the actual bug report did not reach the
appropriate people at Macromedia in a timely manner. We do take security
very seriously in the development of our products, and are looking in to
mechanisms to ensure that this does not happen again. For a starter, we will
be instituting a new email address by which these reports can be directly
sent to the appropriate engineers.
Vice President of Engineering, Flash and FreeHand