A security hole in the way Macromedia's Flash player handles ActiveX content could allow an attacker to run the code of their choice on vulnerable systems, according to a security advisory published by eEye Digital Security late Thursday. Macromedia is offering a new download of the player which fixes the flaw.
The vulnerability affects the Flash.ocx ActiveX component of the Flash player version 6 revision 23, and may affect earlier versions as well, Aliso Viejo, California, eEye said in its alert. The Flash.ocx component is installed with Internet Explorer, as well as with the Flash player, eEye said.