[18442] in bugtraq
Re: Shockwave Flash buffer overflow
daemon@ATHENA.MIT.EDU (Krawetz, Neal)
Fri Jan 5 14:34:57 2001
Message-Id: <20010105180109.22507.qmail@securityfocus.com>
Date: Fri, 5 Jan 2001 18:01:09 -0000
Reply-To: nealk@VERINET.COM
From: "Krawetz, Neal" <nealk@VERINET.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
> > =====
> > Area of affect:
> > All SWF plugins on all platforms.
> > I have validated it with the Shockwave Flash
plugins
> versions 2 through 8.
>
> v 2-8..? Are you talking about the shockwave plugin
> for director, or the shcokwave flash plugin? the
flash
> plugin goes from 2-5 as far as I know...
From what I can tell, Shockwave version 8 includes
Flash version 5.
Technically, the problem appears to be in Flash.
> > =====
> > Root cause:
> > (Keep in mind -- I have not actually seen the
source
> code for the
> plugins --
> > I have only determined this from the symptoms.)
>
> The source code for the player is available for free
if
> you wish to have a look...
>
http://www.macromedia.com/software/flash/open/lice
nsing/sourcecode/
>
> Robin
Thanks, I'll definitely take a look.
As an aside...
I have had a few followups with Macromedia, including
a very productive phone conference.
On Monday or Tuesday I will post a summary
message.
(Both Macromedia and myself are investigating a few
remaining technical points.)
But in general: BugTraq works. I am very impressed.
