dcsimg
A Flash Developer Resource Site

Results 1 to 9 of 9

Thread: [Resolved] [Resolved] [Resolved] [Resolved] [Resolved] [Resolved] [Resolved] [Resolved] [Resolved] [

  1. #1
    Junior Member
    Join Date
    Feb 2002
    Posts
    12
    If you play some bad swf with flash mx player, can cause a critical error
    win9x or winme system can get a blue screen and reboot

    player version: 6.0.21.0

    sample:
    http://gumu.net/non/attach/128726-crashx.swf

  2. #2
    Moderator enpstudios's Avatar
    Join Date
    Jun 2001
    Location
    Tampa, Fl.
    Posts
    11,282
    Yeah I really wanna view a corrupt .swf file !!


  3. #3
    Registered User
    Join Date
    Feb 2001
    Posts
    13,044
    Yeah I really wanna view a corrupt .swf file !!
    just use ascii mode to upload one of yours...

    @pinoc: couldn't you crash system with old player versions as well?

    Musicman

  4. #4
    Junior Member
    Join Date
    Feb 2002
    Posts
    12
    Don't direct view in IE, you must download first then view in your HD

  5. #5
    Junior Member
    Join Date
    Mar 2002
    Posts
    22
    Since when is crashing someone's computer with crappy code a 'critical bug'?

  6. #6
    Senior Member
    Join Date
    Jul 2000
    Posts
    126
    Originally posted by driverdave
    Since when is crashing someone's computer with crappy code a 'critical bug'?
    Being able to cause a GPF means that it might be possible to run user-defined code. This is the way that buffer-overflow attacks work, and we all know how deadly they can be (remember the Code Red worm).

    If a cracker can get people to view a Flash movie that exploits this GPF bug then they could take over the machine or silently place virus code - or code to be activated later.

  7. #7
    Beyond the Sea
    Join Date
    Mar 2000
    Posts
    997
    ok, but that is true of anything you download and then run. Most users don't check to see if the thing they're opening is a .vbs or an .exe or an .swf and THAT's how viruses work. It's the user's decision to download and run something from someone they don't know.

    at least, that's how I see it...

    There is no security problem with Flash content viewed online.

  8. #8
    Senior Member
    Join Date
    Jul 2000
    Posts
    126
    Originally posted by Kraken
    It's the user's decision to download and run something from someone they don't know.
    The problem here is that you do not have to give permission in order for the Flash movie to cause a GPF.
    If you have the Flash player and you go to a page that contains a malicious SWF then you have no opportunity to prevent this problem.

    The SWF linked in the first message caused IE to GPF for me on both Win2K and WinXP - just by clicking on the link.

    This problem was there in Flash 4 and 5 - if you created text with an out-of-range glyph index then you could cause a GPF.

  9. #9
    Registered User
    Join Date
    Feb 2001
    Posts
    13,044
    Hi,

    just for the record: viewing this movie on 'crappy ol nutscrape' will kill the browser too - but not reboot your machine
    Of course known player bugs should not survive for three versions

    Musicman

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




Click Here to Expand Forum to Full Width

HTML5 Development Center