[NEWS] Shockwave Flash Player Security Issue

From: support@securiteam.com
Date: 01/15/02


From: support@securiteam.com
To: list@securiteam.com
Date: Tue, 15 Jan 2002 09:18:31 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Shockwave Flash Player Security Issue
------------------------------------------------------------------------

SUMMARY

As we reported in our previous article, New Virus Infects Macromedia Flash
Files <http://www.securiteam.com/securitynews/5FP0D0060Q.html>, a security
vulnerability in the product allows an attacker to cause the product to
execute malicious code, so that simply opening a Flash file causes the
product to spread a worm-like virus. The following is the vendor's
response to the issue.

DETAILS

Macromedia was recently informed of a potential issue with the standalone
Macromedia Flash Player running on Microsoft Windows. This issue does not
affect web content viewed in a browser.

After testing by both Macromedia and Sophos Anti-virus, the company who
initially reported this potential issue, Macromedia has found that this
issue can only affect content that is sent via email or downloaded from a
site and then run outside a browser.

In either case, the content must be run in a Macromedia stand-alone Flash
Player or associated Projector executable to represent a risk. This player
is not installed by any browser installation, and is only installed with
the Macromedia Flash authoring product.

Macromedia appreciates the work of Sophos in reporting this potential
issue, and will be issuing a patch later this week; a fix will also be
included in future versions of the product.

For more information on the patch please visit:
<http://www.macromedia.com/support/flash/>

ADDITIONAL INFORMATION

The information has been provided by Peter Santangeli
<psantangeli@macromedia.com> and Flash Player Security
<flashplayer_security@macromedia.com>.


DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


