Macromedia Information for VU#475645
Macromedia Flash plug-in contains buffer overflow
- Vendor Information Help Date Notified: 29 Dec 2000
- Statement Date:
- Date Updated: 15 May 2001
An issue has been discovered with the Macromedia Flash Player that shows a possible buffer overflow error when the player encounters a maliciously or incorrectly created SWF file. After an investigation, and consultation with the reporting engineer, Macromedia has determined the following:
- The data being accessed is located entirely in a dynamically allocated structure in the heap space of the application.
- The data access is limited to reading the information. At no time is the buffer in question ever written to. Neither the heap, nor the stack is written to during this processing, and at no time does this lead to the execution of arbitrary data as native instructions.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.