[26606] in bugtraq
Re: EEYE: Macromedia Shockwave Flash Malformed Header Overflow
daemon@ATHENA.MIT.EDU (Scott Lampert)
Fri Aug 9 17:21:23 2002
Date: Fri, 9 Aug 2002 12:44:38 -0700
From: Scott Lampert <scott@lampert.org>
To: BUGTRAQ <BUGTRAQ@securityfocus.com>
Message-ID: <20020809194438.GF6013@cobalt.heavymetal.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="azLHFNyN32YCQGCU"
Content-Disposition: inline
In-Reply-To: <MKEAIJIPCGAHEFEJGDOCCEMHGEAA.marc@eeye.com>
--azLHFNyN32YCQGCU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Aug 08, 2002 at 05:26:20PM -0700, Marc Maiffret wrote:
> Vendor Status:
> Macromedia has released a patch for this vulnerability, available at:
> http://www.macromedia.com/v1/handlers/index.cfm?ID=3D23293&Method=3DFull&=
Title=3DM
> PSB02%2D09%20%2D%20Macromedia%20Flash%20Malformed%20Header%20Vulnerabilit=
y%2
> 0Issue&Cache=3DFalse
>=20
> Discovery: Drew Copley
> Exploitation: Riley Hassell
>=20
As far as I can see there is no update to the UNIX versions. The files
are all dated March 25. The bulletin describes version 6 of the Flash
player as the fix, however that doesn't seem to be available for
anything other than Windows and Mac. Am I missing something?
-Scott
--=20
Scott Lampert
<scott@lampert.org>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, 1759
Public Key: http://www.lampert.org/public_key.asc
--azLHFNyN32YCQGCU
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9VBumSVL3/uWE7xYRAlRFAKCaS47oodQrVcjjE84Cx3VJ2ZyUYgCgkcCI
XPezem3Qy7GoNjQ2iBiNNn0=
=5jGj
-----END PGP SIGNATURE-----
--azLHFNyN32YCQGCU--
