Macromedia security hole affects Windows, Unix
Posted by Sleeper on 11 August 2002 - 19:15 · 2 comments & 156 views
About the Author
Full name: Unknown
Forum name:
Sleeper
Contact: via forum PM
Submissions: Normal · Headline
Full name: Unknown
Forum name:
SleeperContact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google
The vulnerability is limited, however, to Shockwave Flash files edited by hand with a binary editor, meaning that the Flash application will not produce files that contain the vulnerability on its own, according to a separate security alert from Macromedia, which is based in San Francisco, Calif.
The vulnerability is serious because it affects Web browsers, which are trusted by firewalls to receive incoming traffic, and because it affects all versions of Shockwave Flash used in the Internet Explorer and Netscape Navigator Web browsers running on both Windows and Unix, eEye said.
The flaw comes as the result of a problem in the data header of Shockwave Flash files which allows an attacker to supply more data to the file decoder than is expected and in turn can eventually lead to code execution, eEye said.
Because the vulnerability is browser-based, it can be exploited in any situation in which a Web browser views a Shockwave Flash file, such as on Web pages, in e-mail or newsgroups, eEye wrote.
EEye, which has found numerous other vulnerabilities in applications like Microsoft's IIS (Internet Information Services), discovered another security hole in Flash in May.
More Macromedia bug reports are likely to come, though, as eEye warned in its alert that it had found about 17 other vulnerabilities in Flash.