5919464 2001-01-05 18:01 +0000  /52 rader/ Krawetz, Neal <nealk@VERINET.COM>
Sänt av: joel@lysator.liu.se
Importerad: 2001-01-05  19:59  av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: nealk@VERINET.COM
Mottagare: Bugtraq (import) <14617>
Ärende: Re: Shockwave Flash buffer overflow
------------------------------------------------------------
From: "Krawetz, Neal" <nealk@VERINET.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010105180109.22507.qmail@securityfocus.com>

> > =====
> > Area of affect:
> > All SWF plugins on all platforms.
> > I have validated it with the Shockwave Flash 
plugins 
> versions 2 through 8.
> 
> v 2-8..? Are you talking about the shockwave plugin 
> for director, or the shcokwave flash plugin? the 
flash 
> plugin goes from 2-5 as far as I know...

From what I can tell, Shockwave version 8 includes 
Flash version 5.
Technically, the problem appears to be in Flash.


> > =====
> > Root cause:
> > (Keep in mind -- I have not actually seen the 
source 
> code for the
> plugins --
> > I have only determined this from the symptoms.)
> 
> The source code for the player is available for free 
if 
> you wish to have a look... 
> 
http://www.macromedia.com/software/flash/open/lice
nsing/sourcecode/
> 
> Robin

Thanks, I'll definitely take a look.


As an aside...
I have had a few followups with Macromedia, including
a very productive phone conference.
On Monday or Tuesday I will post a summary 
message.
(Both Macromedia and myself are investigating a few
remaining technical points.)

But in general:  BugTraq works.  I am very impressed.
(5919464) ------------------------------------------