Re: Adobe Flash Player plug-in null pointer dereference and browser crash
- From: Matthew Dempsky <matthew@xxxxxxxxxxxxxx>
- Date: Wed, 11 Mar 2009 10:30:49 -0700
On Wed, Oct 1, 2008 at 5:46 PM, Matthew Dempsky <matthew@xxxxxxxxxxxxxx> wrote:
If a Flash 9 SWF loads two SWF files with different SWF version
numbers from two distinct HTTP requests to the exact same URL
(including query string arguments), then Adobe's Flash Player plug-in
will try to dereference a null pointer. This issue affects at least
versions 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 on Windows, OS
X, and Linux.
As an update, this issue also affects 10.0.22.87 at least on Windows
and OS X. I've seen some Linux distributions (e.g., [1]) claim that
10.0.22.87 fixes this bug (aka CVE-2008-4546), but I think this is
mistaken.
You can easily reproduce this bug (i.e., crash your browser) by
visiting http://flashcrash.dempsky.org/. Be sure to tell your
friends: it can be the next Rick Roll.
[1] http://www.gentoo.org/security/en/glsa/glsa-200903-23.xml?style=printable
--
Matthew Dempsky
http://www.mochimedia.com
- Follow-Ups:
- Prev by Date: [security bulletin] HPSBMA02412 SSRT080040 rev.1 - WMI Mapper for HP Systems Insight Manager Running on Windows, Remote Unauthorized Access to Data, Local Unauthorized Access
- Next by Date: Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability
- Previous by thread: [security bulletin] HPSBMA02412 SSRT080040 rev.1 - WMI Mapper for HP Systems Insight Manager Running on Windows, Remote Unauthorized Access to Data, Local Unauthorized Access
- Next by thread: Re: Adobe Flash Player plug-in null pointer dereference and browser crash
- Index(es):
Relevant Pages
|
