Mark Dowd's null pointer dereference exploit and advanced Flash ActionScript techniques prove definitively: Aliens Do Exist!



Alright, I'm just going to start out with a little background before I start, because this particular research was so cool that I've been talking about it all day.  Reading this whitepaper, written by Mark Dowd, was as exciting to me as watching highlights of Michael Jordan sinking that winning shot, which when you look at the replay looks like he's jump kicking Craig Ehlo right in his face.  In fact, Dowd's research is that cool, that's right, cool enough to kick Craig Ehlo in the face.  Here's an image (to the right) in case you don't remember.

Just a bit of background, null pointer dereference issues are unbelievably difficult to exploit, and in fact, currently in most cases they are not exploitable.  Barnaby Jack had some research describing techniques for specific architectures and situations where it may be exploitable, and skape (aka Matt Miller) plus Skywing (aka Ken Johnson) discussed some of this in the Windows world on Uninformed, but Mark Dowd from IBM X-Force has blown my mind, as I just today read his 25-page report on the exploitation of a null pointer dereference issue in Adobe Flash.  Oh, by the way, it's not just an exploit of a null pointer dereference issue, it's a reliable one that is likely cross-platform.

I called most of the security researchers that I work on my research with, I called friends at work, told a few clients, hell, I even called and told my Mom about it.  Yeah, I know what you're thinking, how could the research really be that cool if my Mom could understand it?  Well, of course she couldn't understand it, most people can't!  The level of hard-core bad assery (yeah, I made up a new word just for this), involved in this is unbelievable.  Reading this article, I felt like Dowd must be an alien with advanced intelligence to have pulled this off.  I reserve comments like that for very specific scenarios, and in fact, I think I've only used it once before when discussing some research performed by skape (aka Matt Miller of Leviathan).

I'm not the only one stunned by the technical details.  I talk with Thomas Ptacek (from Matasano) from time to time, and I count him one of the most intelligent people I've met, very legit.  Even he was thoroughly excited about this, which is clearly evident from his blog entry on the subject.  Actually, even if you already know you won't understand what's being talked about, you should read Ptacek's article anyway.  He really breaks it down quite well.  After I read it a few times I felt like I understood quite a bit, and in any case, Ptacek's article is hilarious as always, so it's a good read regardless.

In fact, I'm not even going to talk further about this, I'm just going to point you to the original whitepaper and Ptacek's blog, which will do the issue far more justice than I could.  I count myself very technical, and I've done some very cool stuff in my own right, but I know my limits, and this research goes past what those limits currently are.

It's been a rough month for Adobe, which is too bad since they seem like good and intelligent guys on the security team.  Unfortunately, they have the unenviable job of securing software integrated into all browsers on all operating systems that's used on tons of websites.  Thanks to the diligent work of the Adobe Security Team and responsible disclosure by Dowd, this terrifying issue is already patched.

If anyone has specific questions or thoughts after reading the whitepaper or Ptacek's article, feel free to post talkbacks and I may seek out an interview with Dowd to discuss.

-Nate

Topics: Enterprise Software, Browser, CXO


Talkback

11 comments
  • Afraid of missing an ad?

    Who's still running with Flash? What are you worried about, that you'll miss an ad or get information overload from browsing the web too fast? It's hard to even read ZDNet with Flash enabled without locking up...
    Johnny Vegas
    • Haha

      It's a good point man, but I wouldn't expect Flash to go away from the web anytime soon. Start really worrying when all the apps become desktop based (see Adobe AIR) and the ads are delivered right to your desktop.

      -Nate
      nmcfeters
      • ...

        "...and the ads are delivered right to your desktop."

        I stopped watching TV because of ads. If it gets to the point where I am annoyed with ads on my desktop, then I will go back to the old apps and say f*** the online experience.

        Sorry but enough is enough already. ]:)
        Linux User 147560
        • Hahaha

          Or just stop using your computer altogether. Hey man, it could be Japan, we could have ads painted everywhere!

          -Nate
          nmcfeters
          • ...

            That's why I pay a little extra to live where I do... billboards are illegal, the countryside is beautiful, and gaudy signs are not allowed on buildings. It's visually appealing.

            I suppose one of the reasons I run Linux is so I don't have to deal with ads in my software. So I don't really foresee myself having to worry about it. But if it gets to that point, then yes I would dump the computer too. It's just not that important to me. ]:)
            Linux User 147560
          • Nice

            Nice, where are you living at? I desperately miss the more rural areas... the city can choke you down over time.

            -Nate
            nmcfeters
          • ...

            Monterey, CA. Work in Santa Cruz. Commute by van pool now. Moved the family once the prices of homes dropped enough where we could get a nice new place, rent the old place to pay for the new place type deal. ]:)
            Linux User 147560
  • RE: Bad Assery

    How's having one of your primary school friends getting shout outs on slashdot for bad assery? That's awesome Nate. I need to get your email sometime so we can grab some beers. Take care man.

    Josh
    jstevens199
    • H-H in the house!

      Josh Stevens, long time no talk, you can get me at nate.mcfeters@gmail.com. I'm in Chicago now, not sure where you landed. Let's definitely go grab a beer and soon!

      -Nate
      nmcfeters
  • Confusion

    I'm a little confused about this article. Are you talking about security issues with Adobe Flash, or are you talking about problems with null pointer references and how to debug them? I'm trying to figure out how to debug null pointer references with Flash and action script. Do you know where I can find this out?
    MicheleCl