Microsoft Internet Explorer Macromedia Flash Player Plug-in Remote Denial of Service Vulnerability
BID:10057
Info
Microsoft Internet Explorer Macromedia Flash Player Plug-in Remote Denial of Service Vulnerability
| Bugtraq ID: | 10057 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 06 2004 12:00AM |
| Updated: | Apr 06 2004 12:00AM |
| Credit: | Discovery is credited to Rafel Ivgi, The-Insider <[email protected]>. |
| Vulnerable: |
Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Macromedia Flash 7.0.19 .0 |
| Not Vulnerable: | |
Discussion
Microsoft Internet Explorer Macromedia Flash Player Plug-in Remote Denial of Service Vulnerability
It has been reported that Macromedia Flash Player for Internet Explorer may be prone to a denial of service vulnerability that may cause an instance of Internet Explorer to crash. The issue is reported to exist in the 'LoadMovie' function by calling the function and loading a flash movie into a non-zero level in the following manner:
LoadMovie 1,"c6ool.swf"
This vulnerability is reported to be tested in Flash Player 7.0 r19 running on WindowsXP Professional SP1 and SP2.
It has been reported that Macromedia Flash Player for Internet Explorer may be prone to a denial of service vulnerability that may cause an instance of Internet Explorer to crash. The issue is reported to exist in the 'LoadMovie' function by calling the function and loading a flash movie into a non-zero level in the following manner:
LoadMovie 1,"c6ool.swf"
This vulnerability is reported to be tested in Flash Player 7.0 r19 running on WindowsXP Professional SP1 and SP2.
Exploit / POC
Microsoft Internet Explorer Macromedia Flash Player Plug-in Remote Denial of Service Vulnerability
The following proof of concept has been supplied:
<script language=vbscript>
Set mymy2= CreateObject("ShockwaveFlash.ShockwaveFlash.1")
mymy2.LoadMovie 1,"c6ool.swf"
</script>
The following proof of concept has been supplied:
<script language=vbscript>
Set mymy2= CreateObject("ShockwaveFlash.ShockwaveFlash.1")
mymy2.LoadMovie 1,"c6ool.swf"
</script>
Solution / Fix
Microsoft Internet Explorer Macromedia Flash Player Plug-in Remote Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Microsoft Internet Explorer Macromedia Flash Player Plug-in Remote Denial of Service Vulnerability
References:
References: