Re: EEYE: Macromedia Shockwave Flash Malformed Header Overflow

From: Carlos Laviola (carlosat_private)
Date: Sun Aug 11 2002 - 03:13:32 PDT


    On Fri, Aug 09, 2002 at 05:44:27PM -0400, Mike Chambers wrote:
    > The Linux and Solaris updates will be available later today.
    > 
    > You will be able to download it at:
    > www.macromedia.com/go/getflashplayer/ 
    
    I've downloaded this fixed version, but it seems to be vulnerable to
    something I discovered last week: if you take a .swf and rot13 encode
    it (not all of it, so the headers are not messed up), you can crash the
    user's browser.  I've tested it on Netscape 4.77 with Flash 4.0 r12 and
    Galeon 1.2.5, which is based on Mozilla 1.0, with Flash 5.0 r50 (both
    running on Debian unstable) and IE 6.0 (on Windows 2000) and all of them
    crash instantly when I try to open the rot13-garbled file.
    
    Check it out:
    
    http://alternex.com.br/~claviola/sample1.swf (original)
    http://alternex.com.br/~claviola/sample2.swf (modified)
    
    -- 
    Carlos Laviola <carlosat_private>
    


