News

Macromedia patches hole in Flash software

A security vulnerability in the widely used Macromedia Flash player can allow an attacker to gain control over a user's PC, according to eEye Digital Security.

A specially formatted Flash file can cause a header overflow in the Flash software, potentially giving an attacker control over a PC, eEye said in a security advisory. Exploiting an overflow flaw generally allows attackers to load malicious code onto a victim's system and to run that code.

To exploit the vulnerability, an attacker has to hand-edit the Flash file with a binary editor, as the Flash authoring tool does not produce files that contain the vulnerability on its own, Macromedia said in a separate bulletin on its Web site at www.macromedia.com/v1/handlers/index.cfm?ID=23569

A corrupt Flash file could be placed on a Web site or sent to a user in an HTML e-mail. The vulnerability is serious because Flash is widely used on various operating systems and because vulnerable versions of the software are delivered as part of many software packages, said eEye.

All versions of the Macromedia Flash Player are affected before version 6.0.65.0, which was released late last week to fix the issue, Macromedia said. All users are advised to upgrade to the new version, the San Francisco company said.

The eEye advisory is at www.eeye.com/html/Research/Advisories/AD20021216.html

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy