Bugtraq mailing list archives

Re: Adobe Flash Player plug-in null pointer dereference and browser crash

From: Matthew Dempsky <matthew () mochimedia com>
Date: Wed, 11 Mar 2009 10:30:49 -0700

On Wed, Oct 1, 2008 at 5:46 PM, Matthew Dempsky <matthew () mochimedia com> wrote:

If a Flash 9 SWF loads two SWF files with different SWF version
numbers from two distinct HTTP requests to the exact same URL
(including query string arguments), then Adobe's Flash Player plug-in
will try to dereference a null pointer.  This issue affects at least
versions 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 on Windows, OS
X, and Linux.


As an update, this issue also affects 10.0.22.87 at least on Windows
and OS X.  I've seen some Linux distributions (e.g., [1]) claim that
10.0.22.87 fixes this bug (aka CVE-2008-4546), but I think this is
mistaken.

You can easily reproduce this bug (i.e., crash your browser) by
visiting http://flashcrash.dempsky.org/.  Be sure to tell your
friends: it can be the next Rick Roll.

[1] http://www.gentoo.org/security/en/glsa/glsa-200903-23.xml?style=printable

-- 
Matthew Dempsky
http://www.mochimedia.com

Current thread:

Re: Adobe Flash Player plug-in null pointer dereference and browser crash Matthew Dempsky (Mar 11)
- Re: Adobe Flash Player plug-in null pointer dereference and browser crash Alex Legler (Mar 12)