Macromedia security hole affects Windows, Unix

About InfoWorld : Advertise : Subscribe : Contact Us : Awards : Events : Store

NEWS

Macromedia security hole affects Windows, Unix

By Sam Costello
August 9, 2002 2:05 pm PT

See correction below

ADVERTISEMENT

<a href="http://ad.doubleclick.net/jump/idg.us.info.news/article;abr=!ie;pos=imu;pkey=security;skey=;paud=;saud=;sz=336x280;tile=2;ord=383800221108?"> <img src="http://ad.doubleclick.net/ad/idg.us.info.news/article;abr=!ie;pos=imu;pkey=security;skey=;paud=;saud=;sz=336x280;tile=2;ord=383800221108?" border="0"> </a>

Free IT resource

Virtualization Insights from Top Experts - Learn how virtualization gets real!

TOP NEWS

IT SOLUTION SEARCH

BOSTON - A security hole in the widely used Macromedia Flash file format used with Web browsers can allow an attacker to execute code of their choice on affected systems, according to a new security alert released Friday by eEye Digital Security.

The vulnerability is limited, however, to Macromedia Flash files edited by hand with a binary editor, meaning that the Flash application will not produce files that contain the vulnerability on its own, according to a separate security alert from Macromedia, which is based in San Francisco, Calif.

The vulnerability is serious because it affects Web browsers, which are trusted by firewalls to receive incoming traffic, and because it affects all versions of Macromedia Flash used in the Internet Explorer and Netscape Navigator Web browsers running on both Windows and Unix, eEye said.

The flaw comes as the result of a problem in the data header of Macromedia Flash files which allows an attacker to supply more data to the file decoder than is expected and in turn can eventually lead to code execution, eEye said.

Because the vulnerability is browser-based, it can be exploited in any situation in which a Web browser views a Macromedia Flash file, such as on Web pages, in e-mail or newsgroups, eEye wrote.

Macromedia has released a new Flash player that addresses the flaw and is available at http://www.macromedia.com/v1/handlers/index.cfm?ID=23293&Method=Full&TitlePSB02%2D09%20%2D%20Macromedia%20Flash%20Malformed%20Header%20Vulnerability%2 0Issue&Cache=False. More information about he vulnerability is also located at that address.

EEye, which has found numerous other vulnerabilities in applications like Microsoft's IIS (Internet Information Services), discovered another security hole in Flash in May.

More Macromedia bug reports are likely to come, though, as eEye warned in its alert that it had found about 17 other vulnerabilities in Flash.

Correction

In this article, the file format affected by the Macromedia vulnerability was originally misreported.

Sam Costello is a Boston-based correspondent for the IDG News Service, an InfoWorld affiliate.

SPONSORED WHITE PAPERS

EMC - Lower costs and improve reliability-Get the EMC CLARiiON white paper!
Ciphertrust - Are you ready for Sobig.G? Learn how to protect your email systems.
CDW - Personal attention. CDW. The Right Technology. Right Away.
EMC - Explore key performance features and capabilities of EMC ControlCenter 5.1.1.
Intel - Free Intel white paper shows you how to deploy a secure wireless LAN
Cisco - FREE WHITE PAPER: BLUEPRINT to design and implement secure VPNs
Verity, Inc. - "Mass Consolidation Hits the Web-Search Market"
McDATA - Download a FREE storage consolidation white paper from McDATA(R).
Lucent Technologies - Overcoming Common Firewall Limitations
Lucent Technologies - Leverage Your Mobile High Speed Data Access. Download Free White Paper!
Nokia - Get the scoop! Mobilizing business white papers & case studies.
BMC Software - Maximize the Potential of Enterprise Data: Free white paper!
Network Associates - Free white paper - Strategies for Optimizing Network Costs and Benefits
Entrust - Manage identities across applications. Improve productivity.
Stalker Software - CommuniGate Pro - Transform your Email and Calendaring
Remedy - A NEW Gartner Research Note:Producing Quality IT Services

Search the IDG White Paper Library:

SPONSORED LINKS

INFOWORLD MARKETPLACE

» IT Compliance Conference: Nov. 5-7 in San Diego
Best Practices, Peer Experiences, & Expert Advice for Building a Defensible IT Compliance Program
» FREE Sophos Threat Detection Test
Is your AV catching everything it should? Free virus, spyware and adware scan.
» IT Audit Checklists
Prepare for your next internal IT audit. Checklists cover security, risk management, PCI, and more.
» FREE White Paper: Mitigating Rock Phish Attacks
Standard anti-phishing methods cannot defeat complex Rock Phish attacks. Learn how to fight back...
» Apply BPM and ITIL at your IT Help Desk
ServiceWise brings BPM to complete IT service while eliminating integration cost. Learn more here.

>> BUY A LINK NOW

	HOME NEWS TEST CENTER OPINIONS PRODUCT GUIDE TECHINDEX	About : Advertise : Subscribe : Contact Us : Awards : Events
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy

All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services.

Computerworld :: Network World :: CIO :: PC World :: Darwin :: CMO :: CSO
IT Careers :: JavaWorld :: Macworld :: Mac Central :: Playlist :: GamePro :: GameStar :: Gamerhelp
ITWorld Canada :: Computerwoche :: Techworld UK :: tecChannel :: IDG.se :: IDG.no