[Resolved] [Resolved] [Resolved] [Resolved] [Resolved] [Resolved] [Resolved] [Resolved] [Resolved] [

**pinoc** · 03-31-2002, 08:59 PM

If you play some bad swf with flash mx player, can cause a critical error
win9x or winme system can get a blue screen and reboot

player version: 6.0.21.0

sample:
http://gumu.net/non/attach/128726-crashx.swf

**enpstudios** · 03-31-2002, 09:08 PM

Yeah I really wanna view a corrupt .swf file !!

**Musicman** · 03-31-2002, 09:16 PM

Yeah I really wanna view a corrupt .swf file !!

just use ascii mode to upload one of yours...

@pinoc: couldn't you crash system with old player versions as well?

Musicman

**pinoc** · 03-31-2002, 09:21 PM

Don't direct view in IE, you must download first then view in your HD

**driverdave** · 04-01-2002, 01:31 AM

Since when is crashing someone's computer with crappy code a 'critical bug'?

**nmain** · 04-01-2002, 01:38 AM

Originally posted by driverdave
Since when is crashing someone's computer with crappy code a 'critical bug'?

Being able to cause a GPF means that it might be possible to run user-defined code. This is the way that buffer-overflow attacks work, and we all know how deadly they can be (remember the Code Red worm).

If a cracker can get people to view a Flash movie that exploits this GPF bug then they could take over the machine or silently place virus code - or code to be activated later.

**Kraken** · 04-01-2002, 02:32 AM

ok, but that is true of anything you download and then run. Most users don't check to see if the thing they're opening is a .vbs or an .exe or an .swf and THAT's how viruses work. It's the user's decision to download and run something from someone they don't know.

at least, that's how I see it...

There is no security problem with Flash content viewed online.

**nmain** · 04-01-2002, 02:55 AM

Originally posted by Kraken
It's the user's decision to download and run something from someone they don't know.

The problem here is that you do not have to give permission in order for the Flash movie to cause a GPF.
If you have the Flash player and you go to a page that contains a malicious SWF then you have no opportunity to prevent this problem.

The SWF linked in the first message caused IE to GPF for me on both Win2K and WinXP - just by clicking on the link.

This problem was there in Flash 4 and 5 - if you created text with an out-of-range glyph index then you could cause a GPF.

**Musicman** · 04-01-2002, 03:59 AM

Hi,

just for the record: viewing this movie on 'crappy ol nutscrape' will kill the browser too - but not reboot your machine
Of course known player bugs should not survive for three versions

Musicman

Thread: [Resolved] [Resolved] [Resolved] [Resolved] [Resolved] [Resolved] [Resolved] [Resolved] [Resolved] [

Thread Tools

Display

Posting Permissions