CVE-2002-1625

MEDIUM 5.0 / 10.0
Published: December 31, 2002 at 05:00 AM
Modified: April 3, 2025 at 01:03 AM
Source: cve@mitre.org

Vulnerability Description

Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed.

CVSS Metrics

Base Score: 5.0
Severity: MEDIUM
Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses (CWE)

NVD-CWE-Other
Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Macromedia Flash Player 6 is vulnerable to a denial-of-service (DoS) attack. By leveraging the loadMovie or loadSound commands, attackers can force the player to maintain persistent connections, consuming bandwidth, resources, and CPU until the user closes their browser. This vulnerability allows for a simple yet effective attack that can disrupt service availability.

02 // Vulnerability Mechanism

Step 1: Payload Delivery: An attacker crafts a malicious webpage containing Flash content. This content includes ActionScript code that utilizes the loadMovie or loadSound commands to initiate the streaming of large or numerous files from a remote server.

Step 2: Connection Establishment: When a user visits the malicious webpage, the Flash Player 6 instance on the user's machine begins to establish connections to the attacker's server to stream the specified content.

Step 3: Persistent Connections: Even if the user navigates away from the malicious webpage, the Flash Player 6 instance continues to maintain the established connections, consuming bandwidth and resources.

Step 4: Resource Exhaustion: The attacker can repeat the process, loading multiple movies or sounds, to exhaust the user's bandwidth, CPU, and potentially other system resources.

Step 5: Denial of Service: The continued resource consumption eventually leads to a denial of service, as the user's system becomes unresponsive or significantly degraded in performance.

03 // Deep Technical Analysis

The vulnerability stems from a failure in Flash Player 6 to properly manage and terminate network connections initiated by the loadMovie and loadSound functions. Specifically, when these functions are used to stream content, the player does not release the connection when the user navigates away from the webpage. This leads to a resource leak, where connections remain open and consume bandwidth and CPU cycles. The root cause is a missing or flawed implementation of connection management, failing to account for the lifecycle of the loaded content and the user's interaction with the webpage. There is no specific buffer overflow or race condition identified, but rather a design flaw in connection handling.
