Gnash, Lightspark, and Shumway
Posted Nov 25, 2012 21:25 UTC (Sun) by khim
In reply to: Gnash, Lightspark, and Shumway
Parent article: Gnash, Lightspark, and Shumway
We are talking about different kinds of vulnerabilities. eval() can cause problems, sure, but eval in a sandbox still can't escape the sandbox. C++ code, on the other hand, can in general affect the outside system.
No, it can not do that. The most you can do is create some kind of logic fault in the program itself - exactly what eval() tends to do. Effects buffer overflows in C++ program and misquoting in eval() in JS tend to be surprisingly similar.
to post comments)