December 19th, 2003, 04:14 PM
Macromedia Flashplayer Exploit
There's been a problem found with Macromedia Flash and IE/Opera, here's a snipett from a Panda AV newsletter:
Madrid, December 18, 2003 - Macromedia has released a new version of Macromedia Flash Player to resolve a vulnerability -discovered in Internet Explorer and Opera- which could be used to access certain local files.
Although the problem has been detected in Internet Explorer and Opera, an attacker could exploit it in combination with the local Flash data file to access other information stored on the affected system.
The update supplied by Macromedia stores Flash files in a way that they cannot be accessed by applications other than Flash Player, preventing applications such as Internet Explorer or Opera from using them. This stops an attacker from exploiting vulnerabilities in these browsers to access -via Flash files- other information on the system.
Macromedia has classified the update as 'important' and recommends that users install it. This is all the more important bearing in mind that at present there are no patches for the vulnerabilities in Internet Explorer and Opera.
The new Macromedia Flash Player (7,0,19,0) is available at: http://www.macromedia.com/go/getflashplayer
More information from:
December 19th, 2003, 07:57 PM
I think there should be a News forum or the highlights should be forwarded to an individual who posts a news of the day or week thread. I keep jumping into these threads to find out more information and they are always the same cut and paste job of the information that is on every news channel. I assume 90% of the individuals on this site has seen these alerts on 5 different sites, so why is it so important to add here without adding any more information? Do you know anything on this topic? Can you help suggest a counter measure? I think that would be a superb post and probably get you another post under your belt and a lot of nice green AntiPoints.
December 19th, 2003, 09:22 PM
Thanks for the heads up, I'll have to upgrade. I don't want people getting my local files.
December 20th, 2003, 06:03 AM
Thanks so much! I'm gonna update as soon as I finish posting