Bugtraq mailing list archives
Re: Adobe Flash Player plug-in null pointer dereference and browser crash
From: Matthew Dempsky <matthew () mochimedia com>
Date: Wed, 11 Mar 2009 10:30:49 -0700
On Wed, Oct 1, 2008 at 5:46 PM, Matthew Dempsky <matthew () mochimedia com> wrote:
If a Flash 9 SWF loads two SWF files with different SWF version numbers from two distinct HTTP requests to the exact same URL (including query string arguments), then Adobe's Flash Player plug-in will try to dereference a null pointer. This issue affects at least versions 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 on Windows, OS X, and Linux.
As an update, this issue also affects 10.0.22.87 at least on Windows and OS X. I've seen some Linux distributions (e.g., [1]) claim that 10.0.22.87 fixes this bug (aka CVE-2008-4546), but I think this is mistaken. You can easily reproduce this bug (i.e., crash your browser) by visiting http://flashcrash.dempsky.org/. Be sure to tell your friends: it can be the next Rick Roll. [1] http://www.gentoo.org/security/en/glsa/glsa-200903-23.xml?style=printable -- Matthew Dempsky http://www.mochimedia.com
Current thread:
- Re: Adobe Flash Player plug-in null pointer dereference and browser crash Matthew Dempsky (Mar 11)
- Re: Adobe Flash Player plug-in null pointer dereference and browser crash Alex Legler (Mar 12)