Flash NULL pointer + offset code execution . . .

I tend to agree - Mark Dowd is clearly not human: http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/

This kind of thing makes me want to like . . . go work on cars or something. :)

So here's what's sort of scary about Mark's paper and mentioned in the Matasano post - but worth reiterating here . . . this paper could usher in a new era of reliable exploitation for Flash based vulnerabilities. 
Sort of like what Skylined did for IE exploitation using Javascript based heap spray . . .

Harsh times . . .

Published 15 April 08 10:24 by Robert_Hensing

Comments

# David LeBlanc's Web Log said on April 16, 2008 5:37 PM:

Must be synchronicity. I started out the day with a really interesting mail from Chris Wysopal talking

# JD on EP said on April 17, 2008 12:09 AM:

"Flash vulnerability" story: I'm bumping this up to my weblog, because OS News requires membership for comments, and their source, Thomas Ptacek, has not yet published the comment I submitted. The Mark Dowd paper describes an issue which was addressed

Anonymous comments are disabled
Page view tracker