Bugtraq mailing list archives
Re: Adobe Flash Player plug-in null pointer dereference and browser crash
From: Alex Legler <a3li () gentoo org>
Date: Thu, 12 Mar 2009 14:17:23 +0100
Hello Matthew,

On Wed, 2009-03-11 at 10:30 -0700, Matthew Dempsky wrote:
> On Wed, Oct 1, 2008 at 5:46 PM, Matthew Dempsky <matthew () mochimedia com> wrote:
> > If a Flash 9 SWF loads two SWF files with different SWF version numbers from two distinct HTTP requests to the exact same URL (including query string arguments), then Adobe's Flash Player plug-in will try to dereference a null pointer. This issue affects at least versions 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 on Windows, OS X, and Linux.
>
> As an update, this issue also affects 10.0.22.87 at least on Windows and OS X. I've seen some Linux distributions (e.g., [1]) claim that 10.0.22.87 fixes this bug (aka CVE-2008-4546), but I think this is mistaken.

Yes, indeed you are right. Both a user and I could reproduce the issue with the version we mistakenly marked as not vulnerable.

> You can easily reproduce this bug (i.e., crash your browser) by visiting http://flashcrash.dempsky.org/. Be sure to tell your friends: it can be the next Rick Roll.
>
> [1] http://www.gentoo.org/security/en/glsa/glsa-200903-23.xml?style=printable

We have updated that GLSA to no longer reference this issue. Thank you for the heads-up!

Regards,
Alex