Re: EEYE: Macromedia Shockwave Flash Malformed Header Overflow

From: Carlos Laviola (carlos@laviola.org)
Date: 08/11/02

Previous message: bugzilla@redhat.com: "[RHSA-2002:148-06] Updated Tcl/Tk packages fix local vulnerability"
In reply to: Mike Chambers: "RE: EEYE: Macromedia Shockwave Flash Malformed Header Overflow"
Next in thread: Drew: "RE: EEYE: Macromedia Shockwave Flash Malformed Header Overflow"
Next in thread: Tim Jackson: "Re: EEYE: Macromedia Shockwave Flash Malformed Header Overflow"
Reply: Drew: "RE: EEYE: Macromedia Shockwave Flash Malformed Header Overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 11 Aug 2002 07:13:32 -0300
From: Carlos Laviola <carlos@laviola.org>
To: 'BUGTRAQ' <BUGTRAQ@securityfocus.com>

On Fri, Aug 09, 2002 at 05:44:27PM -0400, Mike Chambers wrote:
> The linux and solaris updates will be avaliable later today.
>
> You will be able to download it at:
> www.macromedia.com/go/getflashplayer/

I've downloaded this fixed version, but it seems to be vulnerable to
something I've discovered last week: if you take a .swf and rot13 encode
it (not all of it, so the headers are not messed up), you can crash the
user's browser. I've tested it on Netscape 4.77 with Flash 4.0 r12 and
Galeon 1.2.5, which is based on Mozilla 1.0, with Flash 5.0 r50 (both
running on Debian unstable) and IE 6.0 (on Windows 2000) and all of them
crash instantly when I try to open the rot13-garbled file.

Check it out:

http://alternex.com.br/~claviola/sample1.swf (original)
http://alternex.com.br/~claviola/sample2.swf (modified)

-- 
Carlos Laviola <carlos@laviola.org>

Previous message: bugzilla@redhat.com: "[RHSA-2002:148-06] Updated Tcl/Tk packages fix local vulnerability"
In reply to: Mike Chambers: "RE: EEYE: Macromedia Shockwave Flash Malformed Header Overflow"
Next in thread: Drew: "RE: EEYE: Macromedia Shockwave Flash Malformed Header Overflow"
Next in thread: Tim Jackson: "Re: EEYE: Macromedia Shockwave Flash Malformed Header Overflow"
Reply: Drew: "RE: EEYE: Macromedia Shockwave Flash Malformed Header Overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: PANIC!: a new plot thread
... have been invading since Norton's Virus Definitions failed to download from ... the site like they should have about a week before the crash. ... Not to mention that the same Explorer error message comes up even in 'Safe ...
(rec.games.computer.ultima.dragons)
Re: gv kills X server
... I wouldn't even download a file known to crash ... >> that crash the xserver when you try to view them with gv. ... > problem with the X server, ... particular app using a particular version of gv. ...
(comp.os.linux.x)
Re: IE Browser Add-ons
... I just had another crash but all the BOH's were removed two days ago. ... I just received an error message identifying ?Acrobat ... >> I assume this came with the Google Toolbar I downloaded last night. ... >> download in the first place. ...
(microsoft.public.windowsxp.help_and_support)
Re: Oregano group. Was: Oragano 1 not fetching
... Dave Higton wrote in message ... latest version available for download at the time. ... I suspect many of us would not want risk installingsomething that may ... crash the machine just to test whether a bug has, in fact, been sorted ...
(comp.sys.acorn.apps)
Re: Rekall and associated software go 100% GPL
... I just downloaded the "full" package for windows. ... a link to a source code download on your site. ... The "License" section in the About Window also don't show the GPL, ... It seems that there is no crash management that gives me more ...
(comp.lang.python)