[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnash-dev] Mark Dowd's Flash NULL Pointer Vulnerability Exploit
|
From: |
John Gilmore |
|
Subject: |
[Gnash-dev] Mark Dowd's Flash NULL Pointer Vulnerability Exploit |
|
Date: |
Mon, 21 Apr 2008 18:56:53 -0700 |
We should make sure we aren't vulnerable to any of the sub-parts of
this attack. And note what the top of the article says about our
importance to the whole Internet ecosystem:
Some context. Reliable Flash vulnerabilities are catastrophes. In
2008, we have lots of different browsers. We have different versions
of the OS, and we have Mac users. But we've only got ONE FLASH VENDOR,
and everyone has Flash installed. Why do you care about Flash
exploits? Because in the field, any one of them wins a commanding
majority of browser installs for an attacker. It is the Cyberdyne
Systems Model 101 of clientsides.
We're well on the way to curing that worldwide single point of failure.
John
Date: Fri, 18 Apr 2008 08:38:37 -0700
From: Ryan Phillips <address@hidden>
To: Cryptography <address@hidden>
Subject: Mark Dowd's Flash NULL Pointer Vulnerability Exploit
[Moderator's note: Not our usual fare but I'll let it through anyway.
Bottom line is that it describes a new ugly exploit against Flash.
--Perry]
White Paper:
http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf
Decent Summary:
http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/
-Ryan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to address@hidden
- [Gnash-dev] Mark Dowd's Flash NULL Pointer Vulnerability Exploit,
John Gilmore <=