MPSB02-15 - Macromedia Flash Malformed Header Vulnerability Issue
Macromedia has recently become aware of a vulnerability in which a hand-edited, malformed Macromedia Flash movie (SWF) header can be exploited to cause a buffer overwrite, which could potentially lead to execution of arbitrary code.
This can only occur with Macromedia Flash movies (SWF) that have been hand-edited with a binary editor; Macromedia Flash, the authoring tool, will not output movies with this vulnerability.
Customers should follow the recommendations found in this bulletin and download the latest Macromedia Flash Player.
What Macromedia Is Doing
Macromedia has isolated the issue and released an updated player (6,0,65,0 or later) which is available for download on the Macromedia Player Download Center.
Macromedia is committed to the security of the Macromedia Flash Player, and invests considerable ongoing effort to ensure that the security and privacy of all Macromedia Flash Player users and all websites serving Macromedia Flash content are protected.
Macromedia worked together with eEye Digital Security to verify and fix this issue. Both companies are committed to security for their customers.
What Customers Should Do
Customers should follow the recommendations found in this bulletin and download the newer Flash Player.
December 12, 2002 - Bulletin first released.