NULL Pointer Exploit Excites Researchers
Da Massive writes "Mark Dowd's paper "Application-Specific Attacks: Leveraging the ActionScript Virtual Machine" has alarmed researchers. It points out techniques that promise to open up a class of exploits and vulnerability research previously thought to be prohibitively difficult. Already, the small but growing group of Information Security experts who have had the chance to read and digest the contents of the paper are expressing an excited concern depending on how they are interpreting it. While the Flash vulnerability described in the paper [PDF] has been patched by Adobe, the presentation of a reliable exploit for NULL pointer dereferencing has the researchers who have read the paper fascinated. Thomas Ptacek has an explanation of Dowd's work, and Nathan McFeters at ZDNet is 'stunned by the technical details.'"
The Art of Software Security Assessment (Score:5, Interesting)
Re:fubar (Score:5, Interesting)
Finally, because it works on both IE and Firefox, and Flash has such a huge installation base, it should be able to target a very high percentage of current machines. Larry Osterman called it "The way the world (wide web) ends" [msdn.com].
Mind you, if Address Space Layout Randomisation was turned on in the Flash executable on Vista, exploiting this hole would most likely (255 times out of 256) lead to a browser crash rather than arbitrary code execution, so it's not like the last few years' work on security has been totally wasted. At the moment it isn't, and you will get owned reliably. Adobe have published an update, so it's a good idea to download it.
http://www.adobe.com/support/security/bulletins/apsb08-11.html [adobe.com]
Back when I was reading about security someone said that buffer overflows that execute code on the stack were first generation exploits. Second generation would be more subtle stuff like this.
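The comment above turns on whether the Flash executable opts into ASLR. On Vista that opt-in is a linker flag recorded in the PE header (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, 0x0040, in the optional header's DllCharacteristics field), so a defender can answer "is ASLR on for this plugin?" by reading that field. The following is an added example, not code from the thread, from Adobe or from Mark Dowd's paper; it assumes only the documented PE layout (e_lfanew at 0x3C, a 20-byte COFF header, DllCharacteristics at offset 70 of the optional header for both PE32 and PE32+). The `build_fake_pe` helper constructs a minimal header-only image so the check can be exercised offline; it is not a real Flash binary.

```python
"""Report whether a PE image (EXE/DLL/OCX) opts into ASLR and DEP.

Added example: parses the PE optional header and checks DllCharacteristics.
The constant values are the documented PE flag bits; the fake image built
by build_fake_pe() is constructed for testing and is not a real binary.
"""
import struct
import sys

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # ASLR opt-in (/DYNAMICBASE)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # DEP opt-in (/NXCOMPAT)


def parse_dll_characteristics(data: bytes) -> int:
    """Return the DllCharacteristics field of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ signature)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4          # IMAGE_FILE_HEADER follows the signature
    opt = coff + 20              # COFF file header is exactly 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at offset 70 of the optional header in both formats.
    return struct.unpack_from("<H", data, opt + 70)[0]


def aslr_enabled(data: bytes) -> bool:
    """True if the image asks the loader to randomise its base address."""
    return bool(parse_dll_characteristics(data) & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)


def dep_enabled(data: bytes) -> bool:
    """True if the image declares itself compatible with non-executable data pages."""
    return bool(parse_dll_characteristics(data) & IMAGE_DLLCHARACTERISTICS_NX_COMPAT)


def build_fake_pe(dll_characteristics: int) -> bytes:
    """Construct a minimal header-only PE32 image for offline testing (not a real binary)."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine=i386, 1 section, timestamp, symtab ptr, nsyms, optional header size, characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<H", opt, 70, dll_characteristics)  # DllCharacteristics
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def report(data: bytes) -> str:
    """One-line summary suitable for an inventory script."""
    return "ASLR=%s DEP=%s" % ("on" if aslr_enabled(data) else "OFF",
                               "on" if dep_enabled(data) else "OFF")


if __name__ == "__main__":
    # Usage: python check_aslr.py <path to Flash OCX or any PE file>
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], report(fh.read()))
    else:
        print("constructed image:", report(build_fake_pe(0x0140)))
```

Run it against the Flash player DLL/OCX installed in the browser's plugin directory; an image reporting `ASLR=OFF` is exactly the case the comment describes, where a reliable exploit needs no address guessing. Note that opting in is necessary but not sufficient: ASLR only takes effect on an OS that implements it (Vista and later), and any other non-randomised module in the same process gives an attacker a fixed address to work with.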
Re:Cross platform? I don't think so. (Score:4, Interesting)
The original article already has Russian trackbacks on it.
Re:Cross platform? I don't think so. (Score:3, Interesting)
The exploit already works on two (both Windows versions) out of those five. With some tweaking, it'll work on two more. With some additional work, it will also work on the last one.
The neat thing is that this single exploit can be used to break into any browser, on any operating system.
Anyone still believe that the secure browser from a month or so ago was overkill?
Why the java icon? (Score:5, Interesting)
When it comes a day after this flamebait article [slashdot.org] you have to start to wonder if the Slashdot editors are busy with some massive FUD campaign against Sun or if they are just really ignorant.
Re:Binary blobs (Score:2, Interesting)
Re:The crux of the exploit: (Score:3, Interesting)
Re:flashblock ftw! (Score:4, Interesting)
Try again (Score:1, Interesting)
Re:Help me out here... (Score:3, Interesting)
Re:flashblock ftw! (Score:3, Interesting)
Try it on an old PC (450 MHz in my case) with many applications running. I can often hear the sound from the Flash player advert or video before it is 'blocked'.
Re:Binary blobs (Score:3, Interesting)
I do that on my Kubuntu desktop. I use Konqueror with gnash as my default browser, and when it can't handle something I right click and select "open this page in Firefox" (which has the Adobe plugin installed).
Re:Binary blobs (Score:1, Interesting)
Re:flashblock ftw! (Score:3, Interesting)
It may be interesting to see if noscript suffers similar issues.
Maybe some enterprising young security guy could investigate (send reports to flashblock so they can make improvements if required).