RE: EEYE: Macromedia Shockwave Flash Malformed Header Overflow

From: Richard M. Smith (rmsat_private)
Date: Fri Aug 09 2002 - 15:16:33 PDT

    Is there any way to turn off the Flash ActiveX control for Windows?  I've
    tried removing it from my system and Web sites just keep downloading it
    again.  If I turn off ActiveX completely, then Internet Explorer is
    constantly warning me that Web pages that use Flash-based banner ads
    will not be displayed properly.  
    
    All I want to do is surf the Web with a little less motion on the
    screen.  I've already turned off animated GIFs which partially solves
    the problem.
    
    The ability to turn Flash off is also important given the recent spate of
    Flash security holes.
    
    Richard M. Smith
    http://www.ComputerBytesMan.com
    
    -----Original Message-----
    From: Mike Chambers [mailto:mchamberat_private] 
    Sent: Friday, August 09, 2002 5:44 PM
    To: 'BUGTRAQ'
    Subject: RE: EEYE: Macromedia Shockwave Flash Malformed Header Overflow
    
    
    The Linux and Solaris updates will be available later today.
    
    You will be able to download it at:
    www.macromedia.com/go/getflashplayer/ 
    
    mike chambers
    
    meshat_private
    
    > -----Original Message-----
    > From: Scott Lampert [mailto:scottat_private] 
    > Sent: Friday, August 09, 2002 3:45 PM
    > To: BUGTRAQ
    > Subject: Re: EEYE: Macromedia Shockwave Flash Malformed 
    > Header Overflow
    > 
    > 
    > On Thu, Aug 08, 2002 at 05:26:20PM -0700, Marc Maiffret wrote:
    > > Vendor Status:
    > > Macromedia has released a patch for this vulnerability, available at:
    > >
    > > http://www.macromedia.com/v1/handlers/index.cfm?ID=23293&Method=Full&Title=MPSB02%2D09%20%2D%20Macromedia%20Flash%20Malformed%20Header%20Vulnerability%20Issue&Cache=False
    > 
    > Discovery: Drew Copley
    > Exploitation: Riley Hassell
    > 
    
    As far as I can see there is no update to the UNIX versions.  The files
    are all dated March 25.  The bulletin describes version 6 of the Flash
    player as the fix, however that doesn't seem to be available for
    anything other than Windows and Mac.  Am I missing something?
        -Scott
    
    -- 
    Scott Lampert
    <scottat_private>
    "They that can give up essential liberty to obtain a little temporary
    safety deserve neither liberty nor safety."
    -Benjamin Franklin, 1759
    
    Public Key: http://www.lampert.org/public_key.asc
    



    This archive was generated by hypermail 2b30 : Sat Aug 10 2002 - 11:23:46 PDT