On Thu, Apr 04, 2013 at 01:24:29AM +0300, MustLive wrote: > Hello list! > > I want to warn you about Denial of Service vulnerability (BSOD) in Adobe > Flash Player. I've found this vulnerability at 27.01.2013. > > ------------------------- > Affected products: > ------------------------- > > Vulnerable version is Adode Flash 11.5.502.146. Attack works only on AMD/ATI > video cards. > > Adobe have fixed it at 12.02.2013 in their patch APSB13-05 > (https://www.adobe.com/support/security/bulletins/apsb13-05.html), which > fixed multiple vulnerabilities in flash player. At that Adobe did it > hiddenly without mentioned about this vulnerability and without referencing > on me. After my informing in the end of January, they was "checking it" > during 1,5 months and said, that they can't reproduce this vulnerability (at > that I've reproduced it on multiple computers with ATI video cards), that > they don't know anything (the hole was accidentally fixed in APSB13-05) and > this DoS doesn't related to them.
Sorry, but how can this be a vuln in *Flash*, a *user-space* component, if it can be used to cause a BSOD, which, as far as I know, means that something bad happened *in the Kernel*? Sounds to me as if Flash is not the (or at least not the only) culprit...
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
