[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnash-dev] Mark Dowd's Flash NULL Pointer Vulnerability Exploit
From: |
Bastiaan Jacques |
Subject: |
Re: [Gnash-dev] Mark Dowd's Flash NULL Pointer Vulnerability Exploit |
Date: |
Tue, 22 Apr 2008 22:53:44 +0200 (CEST) |
From when I glanced at this paper I remember it relies on an unchecked
malloc return. We use new for allocations and if it fails for some
reason, it will throw. If the same code path exists in Gnash, will
abort the Gnash process with an unhandled exception, but there's no
exploit possible.
Bastiaan
On Mon, 21 Apr 2008, John Gilmore wrote:
We should make sure we aren't vulnerable to any of the sub-parts of
this attack.