Bugtraq mailing list archives
Re: EEYE: Macromedia Shockwave Flash Malformed Header Overflow
From: Carlos Laviola <carlos () laviola org>
Date: Sun, 11 Aug 2002 07:13:32 -0300

On Fri, Aug 09, 2002 at 05:44:27PM -0400, Mike Chambers wrote:
> The Linux and Solaris updates will be available later today. You will be able to download it at: www.macromedia.com/go/getflashplayer/

I've downloaded this fixed version, but it seems to be vulnerable to something I discovered last week: if you take a .swf and rot13 encode it (not all of it, so the headers are not messed up), you can crash the user's browser. I've tested it on Netscape 4.77 with Flash 4.0 r12 and Galeon 1.2.5, which is based on Mozilla 1.0, with Flash 5.0 r50 (both running on Debian unstable) and IE 6.0 (on Windows 2000), and all of them crash instantly when I try to open the rot13-garbled file.

Check it out:

http://alternex.com.br/~claviola/sample1.swf (original)
http://alternex.com.br/~claviola/sample2.swf (modified)

--
Carlos Laviola <carlos () laviola org>