SkipNavigation
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric



 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#451096

Oliver Debon Flash plug-in vulnerable to buffer overflow processing incorrectly formatted sound file

Overview

When passed an incorrectly formatted sound file, the Oliver Debon (freeware) Flash plug-in is reportedly vulnerable to a buffer overflow.

I. Description

The DefineSound tag in a sound file passes data to a Flash plug-in. If this tag specifies fewer samples than are actually present in the data, a buffer overflow may occur in the plug-in produced by Oliver Debon.

II. Impact

The attacker may crash browser or execute commands as the user running the Flash plug-in.

III. Solution

Because the software is unsupported and no patches are available, CERT/CC is unaware of any corrective measures.

Systems Affected

VendorStatusDate NotifiedDate Updated
MacromediaNot Vulnerable15-May-2001

References


http://www.securityfocus.com/bid/2214

Credit

Neal Krawetz authored the original description of the vulnerability.

This document was last modified by Tim Shimeall

Other Information

Date Public:2001-01-05
Date First Published:2001-05-17
Date Last Updated:2001-06-20
CERT Advisory: 
CVE-ID(s):CAN-2001-0127
NVD-ID(s):CAN-2001-0127
US-CERT Technical Alerts: 
Metric:0.08
Document Revision:10

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2001 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader