The people from the Metasploit project came up with a certainly nice idea: a blog-style publication for releasing web browser bugs and security flaws on a daily basis for one month. A rush of issues have been published, affecting a wide range of browsers, from Microsoft Internet Explorer to Safari. Just for the shake of mayhem and destruction, some issues will get published over here as well, discovered using either their tools (DOM-Hanoi, etc) or the under-going project for developing an easy to use QA and vulnerability assessment framework, QANUM (first show-case is out...).Today's one is a simple and not-really-useful NULL pointer dereference in the Macromedia Flash ActiveX component function LoadMovie():
a = new ActiveXObject('ShockwaveFlash.ShockwaveFlash');
try { a.LoadMovie(-1, "bogus.swf") } catch(e) { }
The bug is triggered by passing a non-zero value to the first parameter (which represents the layer for the loaded movie). Nothing really interesting, right? It seems already fixed in Flash 9 (finally after remaining in 8 for quite a bit of time), and it seems there was previous knowledge of the bug, two years ago. Nice timing.
0 comments:
Post a Comment