[ISN] Security Flaw Found in Flash Player

From: InfoSec News (isnat_private)
Date: Tue May 07 2002 - 01:52:28 PDT

  • Next message: InfoSec News: "Re: Points to ponder, was Re: [ISN] Deceptive Duo in the news again"

    Sam Costello, IDG News Service
    Friday, May 03, 2002
    A security hole in the way Macromedia's Flash player handles ActiveX
    content could allow an attacker to run the code of their choice on
    vulnerable systems, according to a security advisory published by eEye
    Digital Security late Thursday.
    Macromedia is offering a new download of the player which fixes the
    The vulnerability affects the Flash.ocx ActiveX component of the Flash
    player version 6 revision 23, and may affect earlier versions as well,
    Aliso Viejo, California, eEye says in its alert. The Flash.ocx
    component is installed with Internet Explorer, as well as with the
    Flash player, eEye says.
    Hidden Code
    A buffer overflow in Flash.ocx could allow an attacker to run code of
    their choice on a vulnerable system when a user reads an
    HTML-formatted e-mail containing attack code, visits a Web site with
    attack code in it or uses Internet Explorer to display any other third
    party HTML, eEye says.
    EEye says that Macromedia, based in San Francisco, was already aware
    of the issue when it contacted the company and that the latest version
    of the Flash player fixed the flaw. Users should upgrade to the latest
    version of the Flash player, version 6 revision 29, eEye says.
    The updated Flash player can be downloaded from Macromedia's Web site.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue May 07 2002 - 05:00:57 PDT