On Mon, Jan 08, 2001 at 04:13:31PM -0700, Dax Kelson wrote:
> See below...It is claimed that it can't be exploited to run arbitrary
> code. The "worst" that can happen is crashing of the flash player.
I doubt it.
> - The data being accessed is located entirely in a dynamically allocated
> structure in the heap space of the application.
There is exploit code in the public which shows how to effectively
exploit these kinds of buffers, too.
> - The data access is limited to reading the information. At no time is the
> buffer in question ever written to. Neither the heap, nor the stack is
> written to during this processing, and at no time does this lead to the
> execution of arbitrary data as native instructions.
Hm, one can believe that or not.
> Given the above information, it is Macromedia's belief that the error in
> question, though unfortunate, does not constitute a significant security
> risk. The effects of this defect are limited to the crashing of the user's
> client (denial of service).
Hm. "Not a *significant* security risk". So they consider being able
to crash the client a security risk at all? Weird. If there is no
exploit possible besides crashing the client the statement would have
to be "No security risk at all".
Sorry, I don't trust them.
Better safe than sorry.
Best regards,
Daniel
--
----------------------------------------------------------------------
entire systems GmbH | [EMAIL PROTECTED]
Internet Services | Phone: +49 2624 9550-55
Ferbachstrasse 12 | Fax: +49 2624 9550-20
D-56203 Hoehr-Grenzhausen | http://www.entire-systems.com/
----------------------------------------------------------------------
_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list