On mySimon: Samsung 55" LED TV
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 1 of 59:
Next »
So NO, we did not duplicate it on any other platform.
What Nate states is this is a compiler issue with a polymorphism/name mangling bug. Therefore, it is not a
Adobe coding issue. So my questions still remain:
1) Have you duplicated this on another platform?
No.
2) What compiler did Adobe use to compile Flash?
Bet it was Visual C++ by MS.

Nate: The flaw you discovered was in Adobe Flash, was this
truly a cross-platform attack?Shane: Yeah, there?s a stack
issue, where a type is accepting 3 parameters when it is
defined to accept 2, possibly some polymorphism/name
mangling bug, but either way, this object get?s called
through the 3rd invalid/uninitialized memory that winds
up jumping wherever we had pre-filled memory to.
Posted by: LittleGuy   Posted on: 04/02/08 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

So NO, we did not duplicate it on any other platform.  LittleGuy | 04/02/08
Argh...  nmcfeters | 04/02/08
You are showing your ignorance, name mangling  LittleGuy | 04/02/08
Details  nmcfeters | 04/02/08
Not enough proof, we agree.  LittleGuy | 04/03/08
Agreed  nmcfeters | 04/03/08
We will never know the truth, because  LittleGuy | 04/03/08
RE: Interview with the Vista Pwn2Own contest winners  Loverock Davidson | 04/02/08
Right on!  nmcfeters | 04/02/08
That is the problem  GuidingLight | 04/02/08
Yeah  nmcfeters | 04/03/08
Excuses, Excuses LoserBoy  itanalyst2@... | 04/03/08
Correction  nmcfeters | 04/03/08
So you are settling into ZDnet Talkbacks now  nucrash | 04/03/08
Yep  nmcfeters | 04/03/08
Religion is a Terrible Thought Process  nucrash | 04/03/08
RE: Religion...  nmcfeters | 04/04/08
re: yep  rtk | 04/03/08
Got Root?  Sysadm1n | 04/05/08
well, first.  rtk | 04/05/08
Re:Excuses, Excuses LoserBoy  philpenn | 04/03/08
RE: Interview with the Vista Pwn2Own contest winners  30otnix | 04/02/08
DEP  nmcfeters | 04/02/08
Still confused...  30otnix | 04/02/08
A name is only a name...  nmcfeters | 04/03/08
But according to the CanWestSec article I read  tracy anne | 04/03/08
read the article.  rtk | 04/03/08
Umm, I did  tracy anne | 04/03/08
Here's the "money" quote:  rtk | 04/04/08
And  tracy anne | 04/03/08
RE: And  nmcfeters | 04/04/08
RE: Interview with the Vista Pwn2Own contest winners  Linux User 147560 | 04/02/08
Nope  nmcfeters | 04/02/08
...  Linux User 147560 | 04/02/08
Hard to say  nmcfeters | 04/02/08
...  Linux User 147560 | 04/02/08
Let's see  nmcfeters | 04/02/08
again, the OS didnt lose, the third party app did  Been_Done_Before | 04/02/08
Exactly!  nmcfeters | 04/02/08
RE: again, the OS didnt lose, the third party app did  gdstark13 | 04/03/08
Ok  nmcfeters | 04/04/08
RE: Ok  gdstark13 | 04/04/08
Flash or Java?  jshaw4343 | 04/02/08
Flash or Java?  nmcfeters | 04/03/08
The Scientology of software  BALTHOR | 04/02/08
I think that DEP is Windows' support for hardware NX.  Zogg | 04/03/08
Oops, should have reply to 30otnix! (nt)  Zogg | 04/03/08
simple solution  gdstark13 | 04/03/08
The question I have is  tracy anne | 04/03/08
couple of points.  rtk | 04/03/08
So that means  tracy anne | 04/03/08
re: So that means  rtk | 04/03/08
re: so that means  woot@... | 04/03/08
local user access  tracy anne | 04/03/08
You're missing the point  nmcfeters | 04/04/08
DEP isn't the problem  nmcfeters | 04/04/08
It would really be nice if they would break it down better.  shardeth | 04/03/08
RE: Interview with the Vista Pwn2Own contest winners  woot@... | 04/04/08
Maybe  nmcfeters | 04/04/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

SmartPlanet

Click Here