http://www.example.com/Example.swf?debugMode=1&dataURL=%27%3E%3Cimg+src%3D%22http%3A//cannings.org/DoKnowEvil.swf%3F.jpg%22%3E
InfoSoft was contacted on September 2, 2007. Fixes for all issues we
found were released in late September. Webmasters should consult
InfoSoft to properly upgrade their SWFs. See "The Fix" for details.
TechSmith Camtasia
One of the issues found in Camtasia was that the "csPreloader"
parameter loads an arbitrary Flash file:
and possibly others.
6. Solution
Upgrade to the latest version. According to Kaseya, "The fix was actually
deployed with hotfix #1686, Files Released to VSAUpdate, batch 499 on
1/30/2012 6:16:06 PM"
7. Timetable
23/03/2009 : Send proof of concept, description of the terms under which
I cooperate and the planned disclosure date (02/04/2009)
26/03/2009 : Technical Support responds
"The fix for this was minor, with virtually no potential
for side effects - so it was added to the current
development branch for engine version 4.5 - being
low-priority, it will not be added to the 4.4 branch.
In other words, the fix will be included in the next
Details follow:
David Ford discovered that the IPv4 defragmentation routine did not
correctly handle oversized packets. A remote attacker could send
specially crafted traffic that would cause a system to crash, leading
to a denial of service. (The fix was included in the earlier kernels
from USN-864-1.) (CVE-2009-1298)
Akira Fujita discovered that the Ext4 "move extents" ioctl did not
correctly check permissions. A local attacker could exploit this to
overwrite arbitrary files on the system, leading to root privilege
no official indication of a plan to provide immediate resolution.
. 2008-04-14:
CERT/CC asks if Core will publish the advisory before mid-year and
states concerns about the potential time elapsed between advisory
publication and release of the fix. CERT/CC will likely put out
information soon after Core does and expresses its interest to receive
more information from the vendor regarding their response plan.
. 2008-04-14:
AusCERT notes that Core has given the CERTs the time to notify possibly