Flasher Archive

[Previous] [Next] - [Index] [Thread Index] - [Previous in Thread] [Next in Thread]


Subject: Re: ATTN JD:: FLASH: Macromedia Flash makes front page of foxnews.com
From: John Dowdell
Date: Mon, 8 Jan 2001 21:26:56 GMT

At 11:55 AM 1/8/1, stephan seifert wrote:
> ...if someone could forward or repost them here....

Here's the high-level statement from Friday, closing out this issue:

> Macromedia was recently informed of a potential issue with the
> Macromedia Flash Player, whereby a Macromedia Flash (SWF) file could
> be hand coded to send more information to a user's machine than the
> file indicates is being sent. After extensive testing and
> communication with the developer who initially reported this
> potential issue, Macromedia has found no security issue to exist.
> If a maliciously-coded SWF file were encountered, the effect of
> this "heap buffer read overflow" error would be limited to crashing
> a user's browser. Macromedia does appreciate the work of the
> developer who reported this problem and will continue to take any
> potential security issues very seriously.

A more detailed technical analysis was submitted to Bugtraq last week, and
should be appearing in its various mirrors soon... here's the address of
this record in one such archive:
http://www.securityfocus.com/bid/2161

People in the PR group here are also contacting the various news services
which copied the original and incomplete story, hoping to get a followup
story with the resolution. (That's often a difficult task, however.... ;-)

jd




John Dowdell, Macromedia Tech Support, San Francisco CA US
Search technotes: http://www.macromedia.com/support/search/
Offlist email risks capture by the spam filters. I may not see your
email if it's not on the list. Private one-on-one email options are
available via Priority Access: http://www.macromedia.com/support/



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
flasher is generously supported by...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
flashforward2000 and the Flash(tm) Film Festival
November 27-29, 2000, LONDON, National Film Theatre

Produced by United Digital Artists and lynda.com
-Sponsored by Macromedia, Adobe Systems and Apple Computer
-http://www.flashforward2000.com or UK tel. +44 (0870) 751 1526
Register before November 10 and save �200
http:// www.flashforward2000.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe or change your list settings go to
http://www.chinwag.com/flasher or email helpatchinwag [dot] com


[Previous] [Next] - [Index] [Thread Index] - [Next in Thread] [Previous in Thread]