
Submission: Security exploit in Flash Player 9

SadSoupDragon writes: Through general code-hackery, I have stumbled upon a nasty little bug in the most recent version of Flash Player (and every other version I've tried so far). This happened when I made a mistake in creating an in-memory SWF file, loaded it via flash.display.Loader, and extracted an asset from it as a Sound object. The sound plays, but the Flash Player audio engine keeps playing past the end of the sound — as a result, you actually hear a buffer overflow. The usual result is nasty bleeps and bloops (not unlike loading a Spectrum or C64 game) coming out of your speakers, which you can even record and save as a raw sound file to view the data. My browser usually crashes seconds later, yet another symptom of buffer-related security badness.

It's bad enough that a simple SWF file can bring the browser down, but the really scary thing is what could be done with the data accessed (I know that at least a SWF program could analyse the spectrum of this data and send it back to a server) — or worse still, if an in-memory SWF could be crafted in such a way that it overruns the buffer with executable code, as many of the worst software exploits do.

I've written a proof of concept which you can download the source of here, or try the compiled nastiness for yourself.
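
The submission describes playback continuing past the end of a sound's data. The following C code is an added example, not part of the original submission and not Flash Player's code: it contrasts a mixer that trusts a header-supplied sample count with one that clamps to the decoded length and pads with silence. The `sound_asset` layout, the sample data and all function names are hypothetical, since the post does not say which field was malformed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical decoded sound asset (not a real SWF structure). */
typedef struct {
    uint32_t declared_samples; /* sample count claimed by the file header */
    const int16_t *data;       /* decoded PCM samples */
    size_t data_len;           /* samples actually present in data */
} sound_asset;

/* Constructed sample input: 4 real samples, header claims 4096. */
static const int16_t SAMPLE_PCM[4] = {100, 200, 300, 400};
static const sound_asset SAMPLE_ASSET = {4096, SAMPLE_PCM, 4};

/* Load-time check: reject assets whose header claims more than was decoded. */
int asset_is_consistent(const sound_asset *s)
{
    return s->data != NULL && s->declared_samples <= s->data_len;
}

/* Unsafe pattern, for contrast only: the loop bound comes from the header,
   so playback walks past data_len and emits adjacent memory as audio. */
size_t mix_trusting_header(const sound_asset *s, size_t pos,
                           int16_t *out, size_t frames)
{
    size_t n = 0;
    while (n < frames && pos + n < s->declared_samples) {
        out[n] = s->data[pos + n]; /* out-of-bounds read once pos+n >= data_len */
        n++;
    }
    return n;
}

/* Hardened mixer: clamp to the real length and pad the rest with silence. */
size_t mix_checked(const sound_asset *s, size_t pos, int16_t *out, size_t frames)
{
    size_t end = s->declared_samples;
    if (end > s->data_len)
        end = s->data_len;
    size_t n = (pos < end) ? end - pos : 0;
    if (n > frames)
        n = frames;
    if (n > 0)
        memcpy(out, s->data + pos, n * sizeof *out);
    memset(out + n, 0, (frames - n) * sizeof *out);
    return n;
}
```

Running the load-time check before an asset ever reaches the mixer, and keeping the clamp in the mixer as a second layer, means a bad header produces silence or a rejected asset instead of leaked memory and a crash.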
