CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#451096

Oliver Debon Flash plug-in vulnerable to buffer overflow processing incorrectly formatted sound file

Overview

When passed an incorrectly formatted sound file, the Oliver Debon (freeware) Flash plug-in is reportedly vulnerable to a buffer overflow.

I. Description

The DefineSound tag in a sound file passes data to a Flash plug-in. If this tag specifies fewer samples than are actually present in the data, a buffer overflow may occur in the plug-in produced by Oliver Debon.

II. Impact

The attacker may crash browser or execute commands as the user running the Flash plug-in.

III. Solution

Because the software is unsupported and no patches are available, CERT/CC is unaware of any corrective measures.

Systems Affected
VendorStatusDate Updated
MacromediaNot Vulnerable15-May-2001

References


http://www.securityfocus.com/bid/2214

Credit

Neal Krawetz authored the original description of the vulnerability.

This document was last modified by Tim Shimeall

Other Information

Date Public01/05/2001
Date First Published05/17/2001 09:36:19 AM
Date Last Updated06/20/2001
CERT Advisory 
CVE NameCAN-2001-0127
Metric0.08
Document Revision10

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2001 Carnegie Mellon University