[thelist] Godawful Flash security bug

John Dowdell jdowdell at macromedia.com
Thu Jan 4 18:09:09 CST 2001


Summary: Looking copacetic, but still in process.

At 4:21 AM 1/4/1, John Handelaar wrote:
> http://www.lwn.net/daily/swf-bug.php3

For what it's worth, this post has been under investigation since it
started getting crossposted over the holidays.

It's very easy to make a SWF file whose length does not match its
contents... if you shut the system down while exporting from an authoring
tool you'll get the same thing. These are read-only files, though, and
trying to play a corrupt SWF will, at worst, crash the browser. No one has
yet been able to hide executable instructions behind an incorrect length,
much less get the crashed computer to act on them. That doesn't mean it's
not possible, just that no one seems to be able to make such a theoretical
risk real. The same problem affects much software.

Still, any issue which touches security or privacy is a serious issue. I
understand there's currently work being done to see if there are ways to
validate read-only buffer lengths, and then there's still the public
perception issue among your clients to deal with... that's real too.

Folks here at the shop have been working on both angles this week, and, if
there's continuing attention to this crosspost, then I expect to see
something useful up on the Macromedia site soon.

(By the way, please don't crosspost my words here to other groups,
thanks... I hate being taken out of context. If you find some other group
where the original long message was crossposted where you think I should
be, then a heads-up would be appreciated, thanks.)

jd





John Dowdell, Macromedia Tech Support, San Francisco CA US
Search technotes: http://www.macromedia.com/support/search/
Offlist email risks capture by the spam filters. I may not see your
email if it's not on the list. Private one-on-one email options are
available via Priority Access: http://www.macromedia.com/support/
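
Added example, not part of the original post and not Macromedia code: one way a reader of SWF files can validate lengths before playback, so that a file whose declared length does not match its contents is rejected rather than parsed. It assumes the uncompressed SWF layout (signature "FWS", version, little-endian FileLength, FrameSize RECT, FrameRate, FrameCount, then tags); the function, enum and array names are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { SWF_OK, SWF_BAD_HEADER, SWF_LEN_MISMATCH, SWF_TAG_OVERRUN, SWF_NO_END };

static uint32_t rd32(const uint8_t *p) {   /* little-endian UI32 */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate an uncompressed ("FWS") SWF held in buf[0..n) before any playback. */
int swf_validate(const uint8_t *buf, size_t n) {
    if (n < 9 || memcmp(buf, "FWS", 3) != 0) return SWF_BAD_HEADER;
    /* The declared FileLength must equal the number of bytes actually held. */
    if (rd32(buf + 4) != n) return SWF_LEN_MISMATCH;
    /* Skip the FrameSize RECT (5-bit Nbits + 4 fields), FrameRate, FrameCount. */
    size_t pos = 8 + (5 + 4 * (size_t)(buf[8] >> 3) + 7) / 8 + 4;
    if (pos > n) return SWF_BAD_HEADER;
    while (n - pos >= 2) {
        unsigned hdr = buf[pos] | (unsigned)buf[pos + 1] << 8;
        uint32_t len = hdr & 0x3f;          /* low 6 bits: short length */
        pos += 2;
        if (len == 0x3f) {                  /* long form: 32-bit length follows */
            if (n - pos < 4) return SWF_TAG_OVERRUN;
            len = rd32(buf + pos);
            pos += 4;
        }
        /* Compare with the bytes remaining; pos + len could wrap around. */
        if (len > n - pos) return SWF_TAG_OVERRUN;
        if ((hdr >> 6) == 0) return SWF_OK; /* End tag closes the movie */
        pos += len;
    }
    return SWF_NO_END;
}

/* Constructed sample: 20-byte movie, SetBackgroundColor tag then End tag. */
const uint8_t swf_good[20] = {'F','W','S',4, 20,0,0,0, 0x00, 0x00,0x0c, 0x01,0x00,
                              0x43,0x02, 0xff,0xff,0xff, 0x00,0x00};
/* Constructed sample: header length is right, tag claims 0xffffffff bytes. */
const uint8_t swf_bad[21] = {'F','W','S',4, 21,0,0,0, 0x00, 0x00,0x0c, 0x01,0x00,
                             0x7f,0x02, 0xff,0xff,0xff,0xff, 0x00,0x00};

int main(void) {
    printf("intact=%d truncated=%d oversized_tag=%d\n", swf_validate(swf_good, 20),
           swf_validate(swf_good, 17), swf_validate(swf_bad, 21));
    return 0;
}
```

The truncated case passes only the first 17 bytes of the intact sample, which is the interrupted-export situation the message describes.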





