Vulnerability Note VU#475645

Macromedia Flash plug-in contains buffer overflow

Original Release date: 17 May 2001 | Last revised: 20 Jun 2001

Overview

Incorrectly formatted sound wave (SWF) files may cause a buffer overflow in the Macromedia Flash plug-in.

Description

If the length fields in an SWF file specify fewer data than are actually present in the file, processing the file may cause a buffer overflow in the Macromedia Flash plug-in.

Impact

The plug-in or browser may crash. Since this buffer is only read from, this overflow is unlikely to cause execution of malicious code.

Solution

While Macromedia did not produce a patch to correct this problem, it is possible that recent versions of the plug-in have corrected this problem.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
MacromediaAffected29 Dec 200015 May 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Neal Krawetz published the intial description of this problem.

This document was last modified by Tim Shimeall

Other Information

  • CVE IDs: CAN-2001-0166
  • Date Public: 29 Dec 2000
  • Date First Published: 17 May 2001
  • Date Last Updated: 20 Jun 2001
  • Severity Metric: 0.49
  • Document Revision: 12

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.