Macromedia Flash Player数组索引内存访问漏洞(MS06-020)

Macromedia Flash Player是一款非常流行的FLASH播放器。 Macromedia Flash Player用于播放SWF文件的Flash.ocx代码中存在漏洞，成功利用这个漏洞的攻击者可以远程执行任意代码。 其中的一个函数栈维护有256个元素的函数指针表，没有强制数组边界便将从SWF文件读取的帧类型标识符用作了数组索引。以下反汇编描述了受影响的代码： .text:1002714F mov eax, esi+0CA4h ; type number .text:10027155 mov ecx, esi+94h ; base of table .text:1002715...

Flash Player swf Processing Multiple Unspecified Code Execution (APSB06-03)

According to its version number, the instance of Flash Player on the remote Windows host contains multiple critical and as-yet unspecified vulnerabilities that could allow an attacker to take control of the affected host. To exploit these issues, a user must load a malicious SWF file in Flash...