Slashdot Mirror


NULL Pointer Exploit Excites Researchers

Da Massive writes "Mark Dowd's paper 'Application-Specific Attacks: Leveraging the ActionScript Virtual Machine' has alarmed researchers. It points out techniques that promise to open up a class of exploits and vulnerability research previously thought to be prohibitively difficult. Already, the small but growing group of Information Security experts who have had the chance to read and digest the contents of the paper are expressing an excited concern depending on how they are interpreting it. While the Flash vulnerability described in the paper [PDF] has been patched by Adobe, the presentation of a reliable exploit for NULL pointer dereferencing has the researchers who have read the paper fascinated. Thomas Ptacek has an explanation of Dowd's work, and Nathan McFeters at ZDNet is 'stunned by the technical details.'"

4 of 327 comments

  1. You just plagiarized another article by Anonymous Coward · Score: 0, Troll

    That's all

  2. Re:The crux of the exploit: by master_p · Score: 0, Troll

    Thanks a lot.

    Assuming that Flash is made in C or C++, here is another very vivid example of why these languages should be banned.

    If failure of allocation threw an exception, instead of just returning null, there would be no problem.
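The allocation-failure pattern master_p is describing, as an added C example that is not part of the original thread and is not Dowd's Flash code: `failing_alloc_u32` and its cap are a constructed stand-in for an allocator that returns NULL under pressure. The vulnerable function indexes the result without a check, so with a NULL base the "dereference" is a write at an attacker-chosen absolute address (index times element size); the hardened function bounds-checks the index and treats NULL as an error path. The address is returned as an integer rather than stored through, so the example runs without faulting.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for an allocator that can fail. Anything above the
 * cap returns NULL, as malloc does when memory is exhausted or a request is
 * absurdly large (for instance an attacker-supplied element count). */
#define ALLOC_CAP_BYTES (64u * 1024u)

static uint32_t *failing_alloc_u32(size_t count)
{
    if (count > ALLOC_CAP_BYTES / sizeof(uint32_t))
        return NULL;                           /* no exception, just NULL */
    return calloc(count, sizeof(uint32_t));
}

/* Vulnerable pattern: the allocation result is indexed without a NULL check.
 * When table is NULL, &table[index] is just index * sizeof(uint32_t) used as
 * an address, so whoever controls index (and the value stored) chooses where
 * the write lands. Computed as an integer here instead of dereferenced. */
uintptr_t vulnerable_write_target(size_t count, uint32_t index)
{
    uint32_t *table = failing_alloc_u32(count);          /* may be NULL */
    uintptr_t target = (uintptr_t)table + (uintptr_t)index * sizeof(uint32_t);
    /* The real bug would be:  table[index] = attacker_value;  */
    free(table);                                         /* free(NULL) is a no-op */
    return target;
}

/* Hardened pattern: bounds-check the index, then treat a NULL result as an
 * error path instead of continuing. Returns the value read back on success,
 * -1 for an out-of-range index, -2 when the allocation fails. */
int64_t hardened_store(size_t count, uint32_t index, uint32_t value)
{
    if (index >= count)
        return -1;
    uint32_t *table = failing_alloc_u32(count);
    if (table == NULL)
        return -2;
    table[index] = value;
    int64_t readback = table[index];
    free(table);
    return readback;
}

int main(void)
{
    /* Attacker requests a huge table so the allocation fails, then supplies
     * the index: the "NULL dereference" becomes a write at 0x4000. */
    uintptr_t t = vulnerable_write_target((size_t)1 << 30, 0x1000);
    printf("vulnerable write target: 0x%lx\n", (unsigned long)t);
    printf("hardened, same input:    %lld\n",
           (long long)hardened_store((size_t)1 << 30, 0x1000, 42));
    printf("hardened, valid input:   %lld\n",
           (long long)hardened_store(16, 3, 42));
    return 0;
}
```

The point of the contrast is that the NULL return itself is harmless; the damage comes from code that keeps going and lets an attacker-controlled index turn address zero into an arbitrary address.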

  3. Re:Big deal by Viol8 · Score: 0, Troll

    "Because it can probably be made to work cross-version, cross-platform and cross-architecture?"

    The bug might be cross platform but the exploit will require platform specific code.

    "Because everyone has Flash installed?"

    Speak for yourself pal.

    "Because the way he does it is nothing short of godlike?"

    You're kidding me? It's clever but it's no cleverer than a dozen other exploits. Read around a bit more.

    "This is HUGE."

    Bollocks.

  4. Re:hmm. by Kalriath · Score: 0, Troll

    The difference is that in Linux the browser runs as you and so can only affect your own files ... (Which you have backed up?) On Windows the browser runs as an elevated user and so can affect much more ... Bullshit. Except on Vista (where the browser runs with less privileges than the user), IE runs in the exact same security context as the user who ran it.

    --
    For a site about things like basic rights, Slashdot users sure do like to censor "dissent".