|
Macromedia Flash ActiveX Denial of Service
|
|
Secunia Advisory:
|
SA7545
|
|
|
Release Date:
|
2002-11-19
|
|
Last Update:
|
2002-11-22
|
|
Popularity:
|
7,268 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Macromedia Flash Player 6.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
Macromedia Flash Player has been found vulnerable to a Denial of Service attack which causes the browser to crash, this can be performed by supplying a too long SW Remote parameter tag.
It has been discussed whether this is caused by a buffer overflow or not, in case it is in fact a buffer overflow it may be exploitable. Secunia will continue to monitor this issue and post more information if necessary.
Solution:
Macromedia Flash Player 6 Beta isn't vulnerable.
You may however consider to disable ActiveX or uninstall Flash ActiveX plugin, if youhave installed Flash Player 6.
Flash Player 5 which ships with Internet Explorer is not vulnerable this issue.
Provided and/or discovered by:
LOM
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
