Information Security News mailing list archives
Security Flaw Found in Flash Player
From: InfoSec News <isn () c4i org>
Date: Tue, 7 May 2002 03:52:28 -0500 (CDT)
http://www.pcworld.com/news/article/0,aid,98263,00.asp Sam Costello, IDG News Service Friday, May 03, 2002 A security hole in the way Macromedia's Flash player handles ActiveX content could allow an attacker to run the code of their choice on vulnerable systems, according to a security advisory published by eEye Digital Security late Thursday. Macromedia is offering a new download of the player which fixes the flaw. The vulnerability affects the Flash.ocx ActiveX component of the Flash player version 6 revision 23, and may affect earlier versions as well, Aliso Viejo, California, eEye says in its alert. The Flash.ocx component is installed with Internet Explorer, as well as with the Flash player, eEye says. Hidden Code A buffer overflow in Flash.ocx could allow an attacker to run code of their choice on a vulnerable system when a user reads an HTML-formatted e-mail containing attack code, visits a Web site with attack code in it or uses Internet Explorer to display any other third party HTML, eEye says. EEye says that Macromedia, based in San Francisco, was already aware of the issue when it contacted the company and that the latest version of the Flash player fixed the flaw. Users should upgrade to the latest version of the Flash player, version 6 revision 29, eEye says. The updated Flash player can be downloaded from Macromedia's Web site. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Security Flaw Found in Flash Player InfoSec News (May 07)