» Topic:  Flash, bang, wallop - you're own3d

» Added by:  John Leyden

» Date:  9.11.2005

  Security researchers have discovered a vulnerability in Macromedia's Flash Player that creates a mechanism for hackers to attack the PCs of users running the popular application. The security bug - described as critical - affect Macromedia Flash Player 6.x and 7.x. Macromedia has issued security updates.

The flaw stems from a failure to reject malformed SWF files as invalid. This bug might be exploited by using specially crafted (malformed) SWF file to execute arbitrary code on the machines of users induced into visiting sites under the control of hackers.

Flash Player version 7.0.19.0 and prior on the Windows platform, and in versions prior to 7.0.25.0 on Unix, are reportedly vulnerable. Users are advised to upgrade to Flash Player 8 (8.0.22.0) or apply a Flash Player 7 update (7.0.61.0 or 7.0.60.0) in order to guard against possible attack. The bug was independently discovered by Fang Xing of eEye Digital Security and Bernhard Mueller of SEC Consult.

Source : www.theregister.co.uk