[ news_security_news ]
Flash Player Vulnerability Corrected With Latest Version
Chris Crum
Staff Writer
2005-11-08
 Security News RSS Feed
A security flaw was discovered in Macromedia Flash Player versions 7.0.19.0 and lower. Macromedia and others have classified the flaw as highly critical.
The vulnerability could potentially allow hackers access to millions of PCs. The flaw has been fixed with Macromedia's latest version of Flash Player, 8.0.22.0. The company urges users to upgrade to this newer version immediately.
"There was a problem with bounds validation for indexes of certain arrays in Flash Player 7 and earlier, thus leaving open the possibility that a third party could inject unauthorised code that would have been executed by Flash Player," the company said. eWeek reports:
According to eEye Digital Security, the private research firm that reported the issue to Macromedia, the bug affects Macromedia Flash 6 and Flash 7, both on all Windows platforms.
eEye said the vulnerability opens the door for a malicious hacker to run arbitrary code in the context of the logged-in user. "An array boundary condition may be violated by a malicious .SWF file in order to redirect execution into attacker-supplied data," the company said.
Flash Player 8.0.22.0 can be downloaded from Macromedia's web site. The site also gives further details regarding the vulnerability.
About the Author:
Chris Crum is a staff writer for SecurityProNews and WebProNews.
More news_security_news Articles
Security News RSS Feed
|
|
