[26610] in bugtraq
RE: EEYE: Macromedia Shockwave Flash Malformed Header Overflow
daemon@ATHENA.MIT.EDU (Mike Chambers)
Fri Aug 9 18:07:12 2002
From: "Mike Chambers" <mchamber@macromedia.com>
To: "'BUGTRAQ'" <BUGTRAQ@securityfocus.com>
Date: Fri, 9 Aug 2002 17:44:27 -0400
Message-ID: <008101c23fed$f0008480$0d00a8c0@mesha31p>
MIME-Version: 1.0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20020809194438.GF6013@cobalt.heavymetal.org>
The linux and solaris updates will be avaliable later today.
You will be able to download it at:
www.macromedia.com/go/getflashplayer/
mike chambers
mesh@macromedia.com
> -----Original Message-----
> From: Scott Lampert [mailto:scott@lampert.org]
> Sent: Friday, August 09, 2002 3:45 PM
> To: BUGTRAQ
> Subject: Re: EEYE: Macromedia Shockwave Flash Malformed
> Header Overflow
>
>
> On Thu, Aug 08, 2002 at 05:26:20PM -0700, Marc Maiffret wrote:
> > Vendor Status:
> > Macromedia has released a patch for this vulnerability,
> available at:
> >
> http://www.macromedia.com/v1/handlers/index.cfm?ID=23293&Metho
d=Full&Title=M
>
PSB02%2D09%20%2D%20Macromedia%20Flash%20Malformed%20Header%20Vulnerabili
ty%2
> 0Issue&Cache=False
>
> Discovery: Drew Copley
> Exploitation: Riley Hassell
>
As far as I can see there is no update to the UNIX versions. The files
are all dated March 25. The bulletin describes version 6 of the Flash
player as the fix, however that doesn't seem to be available for
anything other than Windows and Mac. Am I missing something?
-Scott
--
Scott Lampert
<scott@lampert.org>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, 1759
Public Key: http://www.lampert.org/public_key.asc
