|
|
Macromedia Flash SWF文件存在缓冲区溢出漏洞
发布时间:2002-12-12
更新时间:2002-12-12
严重程度:中
威胁程度:远程拒绝服务
错误类型:边界检查错误
利用方式:客户机模式
BUGTRAQ ID:6383
受影响系统Macromedia Flash 4.0 r12
Macromedia Flash 5.0 r50
Macromedia Flash 5.0
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 95
- Microsoft Windows 95 SR2
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Macromedia Flash 6.0
+ Microsoft Internet Explorer 5.0
+ Microsoft Internet Explorer 5.0.1
+ Microsoft Internet Explorer 5.0.1 SP1
+ Microsoft Internet Explorer 5.0.1 SP2
+ Microsoft Internet Explorer 5.5
+ Microsoft Internet Explorer 5.5 preview
+ Microsoft Internet Explorer 5.5 SP1
+ Microsoft Internet Explorer 5.5 SP2
+ Microsoft Internet Explorer 6.0
+ Netscape Communicator 4.6
+ Netscape Communicator 4.7
+ Netscape Communicator 4.51
+ Netscape Communicator 4.61
+ Netscape Communicator 4.72
+ Netscape Communicator 4.73
+ Netscape Communicator 4.74
+ Netscape Communicator 4.75
+ Netscape Communicator 4.76
+ Netscape Communicator 4.77
+ Netscape Communicator 4.78
+ Netscape Communicator 6.1
Macromedia Flash 6.0.29 .0
Macromedia Flash 6.0.40 .0
Macromedia Flash 6.0.47 .0 详细描述
Macromedia报告当FLASH处理包含特殊畸形头信息的SWF文件时会触发缓冲区溢出。
攻击者可以使用任何两进制编辑器编辑SWF文件,更改头字段,使用户解析这个文件时发生缓冲区溢出,存在执行任意代码的可能。
目前没有具体信息。
测试代码
无
解决方案
升级程序:
Macromedia Flash 4.0 r12:
Macromedia Upgrade Flash 6.0.65.0
http://www.macromedia.com/go/getflashplayer/
Macromedia Flash 5.0 r50:
Macromedia Upgrade Flash 6.0.65.0
http://www.macromedia.com/go/getflashplayer/
Macromedia Flash 5.0:
Macromedia Upgrade Flash 6.0.65.0
http://www.macromedia.com/go/getflashplayer/
Macromedia Flash 6.0:
Macromedia Upgrade Flash 6.0.65.0
http://www.macromedia.com/go/getflashplayer/
Macromedia Flash 6.0.29 .0:
Macromedia Upgrade Flash 6.0.65.0
http://www.macromedia.com/go/getflashplayer/
Macromedia Flash 6.0.40 .0:
Macromedia Upgrade Flash 6.0.65.0
http://www.macromedia.com/go/getflashplayer/
Macromedia Flash 6.0.47 .0:
Macromedia Upgrade Flash 6.0.65.0
http://www.macromedia.com/go/getflashplayer/
相关信息
eEye Digital Security
参考:http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash
http://www.macromedia.com/v1/handlers/index.cfm?ID=23569
|
