"Michael E. Cummins" wrote:
>
> Are there any documented instances of being able to cause a buffer overrun
> with a flash or shockwave file?
>
> Has anyone heard of such a thing, reliably?
My stance is "if no one has found any vulnerabilities in a particular piece
of software, it's not because it's safe, it's only because no one has bothered
to exploit it".
I mean... c'mon.. RTF is a _really_ simple format. Yet there are
buffer overruns in the RTF parsers. JPG is also simple. Buffer overruns
there again. What of such a complex scripting language such as
shockwave? OF COURSE there are vulnerabilities in it!!
> I know that preventive action is better than corrective... I am just curious
> if this is a current or potential threat...
Not "current" per se. Definately "potential".
--
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 �RNSK�LDSVIK
Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
