Slashdot Mirror

← Back to Stories (view on slashdot.org)

NULL Pointer Exploit Excites Researchers

Posted by Soulskill on from the ruh-roh-shaggy dept.

Da Massive writes "Mark Dowd's paper "Application-Specific Attacks: Leveraging the ActionScript Virtual Machine" has alarmed researchers. It points out techniques that promise to open up a class of exploits and vulnerability research previously thought to be prohibitively difficult. Already, the small but growing group of Information Security experts who have had the chance to read and digest the contents of the paper are expressing an excited concern depending on how they are interpreting it. While the Flash vulnerability described in the paper[PDF] has been patched by Adobe, the presentation of a reliable exploit for NULL pointer dereferencing has the researchers who have read the paper fascinated. Thomas Ptacek has an explanation of Dowd's work, and Nathan McFeters at ZDNet is 'stunned by the technical details.'"

3 of 327 comments (clear)

  1. Re:boring? by ubernostrum · · Score: 5, Insightful

    Wow, an error in a program. This seems akin to ground-breaking front-page news: a cat stuck in a tree rescued by firemen.

    Actually, it is a big deal, as you'd know if you'd read the article(s). But you're too lazy for that, so here's the short summary:

    Lots of interesting (and important) security problems revolve around figuring out a way to take an error in a program, and turn it into a way to have that program execute arbitrary code of your choice. Traditionally, NULL pointer exceptions have not been fruitful ground for this because, well, a NULL pointer is NULL -- there's nothing on the other end of the pointer for the unsuspecting program to read or execute, so it simply crashes. And merely crashing the program isn't really all that interesting, since at best it lets you execute a denial-of-service. But this guy (Dowd) found what would have been a run-of-the-mill NULL pointer exception in Flash and parlayed it into full-scale arbitrary code execution through a series of fairly impressive tricks. You really should go read Ptacek's summary, because it has all the gory details and will, if nothing else, make you realize what an amazing hack this is.

  2. Re:Why the java icon? by ChunderDownunder · · Score: 5, Insightful

    Probably because they see JavaScript, bytecode and virtual machine all in the same sentence. Put two and two together and you end up with five.

  3. Re:Big deal by Anonymous Coward · · Score: 5, Insightful

    Because it can probably be made to work cross-version, cross-platform and cross-architecture?

    Because everyone has Flash installed?

    Because it opens up a whole class of common bugs previously thought to be unexploitable?

    Because the way he does it is nothing short of godlike?

    This is HUGE.