Re: Adobe Flash Player plug-in null pointer dereference and browser crash

On Wed, Oct 1, 2008 at 5:46 PM, Matthew Dempsky <matthew@xxxxxxxxxxxxxx> wrote:
If a Flash 9 SWF loads two SWF files with different SWF version
numbers from two distinct HTTP requests to the exact same URL
(including query string arguments), then Adobe's Flash Player plug-in
will try to dereference a null pointer.  This issue affects at least
versions,,, and on Windows, OS
X, and Linux.

As an update, this issue also affects at least on Windows
and OS X. I've seen some Linux distributions (e.g., [1]) claim that fixes this bug (aka CVE-2008-4546), but I think this is

You can easily reproduce this bug (i.e., crash your browser) by
visiting Be sure to tell your
friends: it can be the next Rick Roll.


Matthew Dempsky