[VIM] Flash.ocx function name? (fwd)
security curmudgeon
jericho at attrition.org
Wed Nov 16 06:20:37 EST 2005
---------- Forwarded message ----------
From: security curmudgeon <jericho at attrition.org>
To: Steve Manzuik <smanzuik at eeye.com>
Date: Wed, 16 Nov 2005 06:18:39 -0500 (EST)
Subject: Flash.ocx function name?
18825: Macromedia Flash Player Flash.ocx Unspecified Function Arbitrary Code
Execution
I had to change this to 'unspecified function' because of the release of
another vuln shortly after eEye's.
1002580: Macromedia Flash Player Flash.ocx ActionDefineFunction Function
Arbitrary Code Execution
I'm about to move this to stable but this comes from:
http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0154.html
This issue is similar to CAN-2005-2628 (as reported by eEye Digital
Security on November 4, 2005) but affects a different function.
Coincidentally, Macromedia has received our notification of this bug on
the same day (June 27).
So to help distinguish, can eEye release the vulnerable function name they
discovered?
Thanks!
Brian
More information about the VIM
mailing list