Forgot your password?

+ - Security exploit in Flash Player 9->

Submitted by SadSoupDragon
SadSoupDragon (895258) writes "Through general code-hackery, I have stumbled upon a nasty little bug in the most recent version of Flash Player (and every other version I've tried so far). This happened when I made a mistake in creating an in-memory SWF file, loaded it via flash.display.Loader, and extracted an asset from it as a Sound object. The sound plays, but the Flash Player audio engine keeps playing past the end of the sound — As a result, you actually hear a buffer overflow. The usual result is nasty bleeps and bloops (not unlike loading a Spectrum or C64 game) coming out of your speakers, which you can even record and save as a raw sound file to view the data. My browser usually crashes seconds later, yet another symptom of buffer-related security badness.

It's bad enough that a simple SWF file can bring the browser down, but the really scary thing is what could be done with the data accessed (I know that at least a SWF program could analyse the spectrum of this data and send it back to a server) — or worse still, if an in-memory SWF could be crafted in such a way that it overruns the buffer with executable code, as many of the worst software exploits do.

I've written a proof of concept which you can download the source of here, or try the compiled nastiness for yourself."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Security exploit in Flash Player 9

Comments Filter:

"It is easier to fight for principles than to live up to them." -- Alfred Adler