Re: Adobe Flash Player plug-in null pointer dereference and browser --crash

From: Matthew Dempsky <matthew@mochimedia.com>
To: bugtraq@securityfocus.com
Cc:
Subject: Re: Adobe Flash Player plug-in null pointer dereference and browser --crash
Date:


On Wed, Oct 1, 2008 at 5:46 PM, Matthew Dempsky <matthew@mochimedia.com> wrote:
> If a Flash 9 SWF loads two SWF files with different SWF version
> numbers from two distinct HTTP requests to the exact same URL
> (including query string arguments), then Adobe's Flash Player plug-in
> will try to dereference a null pointer. This issue affects at least
> versions 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 on Windows, OS
> X, and Linux.

As an update, this issue also affects 10.0.22.87 at least on Windows
and OS X.  I've seen some Linux distributions (e.g., [1]) claim that
10.0.22.87 fixes this bug (aka CVE-2008-4546), but I think this is
mistaken.

You can easily reproduce this bug (i.e., crash your browser) by
visiting http://flashcrash.dempsky.org/.  Be sure to tell your
friends: it can be the next Rick Roll.

[1] http://www.gentoo.org/security/en/glsa/glsa-200903-23.xml?style=printable

-- 
Matthew Dempsky
http://www.mochimedia.com





Copyright © 1995-2020 LinuxRocket.net. All rights reserved.