| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f1dcfaef0903111030y5aefdb48o218689a260adbee6@mail.gmail.com> Date: Wed, 11 Mar 2009 10:30:49 -0700 From: Matthew Dempsky <matthew@...himedia.com> To: bugtraq@...urityfocus.com Subject: Re: Adobe Flash Player plug-in null pointer dereference and browser crash On Wed, Oct 1, 2008 at 5:46 PM, Matthew Dempsky <matthew@...himedia.com> wrote: > If a Flash 9 SWF loads two SWF files with different SWF version > numbers from two distinct HTTP requests to the exact same URL > (including query string arguments), then Adobe's Flash Player plug-in > will try to dereference a null pointer. This issue affects at least > versions 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 on Windows, OS > X, and Linux. As an update, this issue also affects 10.0.22.87 at least on Windows and OS X. I've seen some Linux distributions (e.g., [1]) claim that 10.0.22.87 fixes this bug (aka CVE-2008-4546), but I think this is mistaken. You can easily reproduce this bug (i.e., crash your browser) by visiting http://flashcrash.dempsky.org/. Be sure to tell your friends: it can be the next Rick Roll. [1] http://www.gentoo.org/security/en/glsa/glsa-200903-23.xml?style=printable -- Matthew Dempsky http://www.mochimedia.com
Powered by blists - more mailing lists