If a Flash 9 SWF loads two SWF files with different SWF version
numbers from two distinct HTTP requests to the exact same URL
(including query string arguments), then Adobe's Flash Player plug-in
will try to dereference a null pointer. This issue affects at least
versions 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 on Windows, OS
X, and Linux. For browsers where plug-ins run in the same process
(e.g., Internet Explorer 6 and 7, Firefox 3, and Safari 3 on Windows
and OS X), this causes the entire browser process to crash.
Sample code demonstrating this issue is available at
http://www.mochimedia.com/~matthew/flashcrash/.
On 2008.09.22, I submitted this issue to Adobe's JIRA bug tracking
system, which recorded it as issue #FP-677. On 2008.09.23, the ticket
was changed to private for security reasons, and Adobe told me they
were able to reproduce the issue and were investigating it. On
2008.09.26, I told Adobe I planned on submitting this issue to BugTraq
and asked if they had found any workarounds for users that I could
include. On 2008.10.01, they told me they had resolved the problem
and that a fix will be included in the next public update, but they
did not provide any workarounds.
Matthew Dempskyhttp://www.mochimedia.com
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum