Macromedia Shockwave Flash Malformed Header Overflow

Reported August 8, 2002, by eEye Digital Security.

VERSIONS AFFECTED

· Macromedia Shockwave Flash player, all versions

DESCRIPTION
A vulnerability in Macromedia’s Flash player can lead to execution of arbitrary code on the vulnerable system. An attacker can hand-edit the header of a Macromedia Flash movie (SWF) so that it is malformed and supply more frame data than the decoder expects, resulting in a buffer overwrite condition. A more detailed explanation of this vulnerability is given in eEye Digital Security’s advisory.

VENDOR RESPONSE

Macromedia has released a bulletin regarding this vulnerability and recommends that affected users download Flash player 6,0,40,0, which addresses it.

CREDIT
Discovered by Drew Copley and Riley Hassell of eEye Digital Security.
