Computer Security
[EN] no-pyccku

Related information

  Buffer overflow in Macromedia Flash

  Дырки в Macromedia Flash

  Macromedia Flash Activex Buffer overflow

From:3APA3A <3APA3A_(at)>
Subject:Multiple vulnerabilities in Macromedia Flash ActiveX

Author: LOM <lom at>
Product: Macromedia Flash ActiveX 6.0 (6,0,47,0)
Vendor: Macromedia was not contacted
Risk: High
Remote: Yes
Exploitable: Yes


Macromedia  flash  ActiveX  plugin  displays  .swf  files under Internet


Few  vulnerabilities  were  identified: protected memory reading, memory
consumption DoS and more serious:
1. zlib 1.1.3 double free() bug
2. Buffer overflow in SWRemote parameter for flash object.


Last  bug is very close to one reported by eEye in May [2]. This kind of
overflows  (heap based Unicode overflow) is definitely exploitable under
Internet  Explorer.  Attached  proof of concept (by LOM)[1] demonstrates
exception  triggered  in  free(). See [3] for exploiting heap overflows,
[4] for exploiting Unicode overflows under Internet Explorer.


Vulnerabilities were discovered by LOM <lom at>


1. Macromedia Shockwave proof of concept
2. eEye, Macromedia Flash Activex Buffer overflow
3. w00w00 on Heap Overflows
4. 3APA3A, Details and exploitation of buffer overflow in mshtml.dll (and
  few sidenotes on Unicode overflows in general)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod