RSSAdobe Plugs Critical Flash Vulnerability
By the Betanews Staff | Published March 15, 2006, 3:04 PM
Adobe on Tuesday issued a security advisory urging all Macromedia Flash users to upgrade to version 8.0.24.0. The company says it has identified "critical vulnerabilities" in Flash Player that could lead to a full system compromise. The flaw can be exploited through a malicious SWF file.
The problem, which discovered and reported by Microsoft, affects all operating systems. Adobe has made available updates for a number of its products that include Flash, such as Breeze, Shockwave and Flex. Fixed versions of Flash 7 for Linux and Solaris are also available for download.
adobe plugs critical flash vulnerability? lol
Score: 0
|Hurry! You won't want to miss a single flash ad. This tags right along with Java when I have to work on a system.
Straight to the bitbucket.
Score: 0
|Why does the DLL file for the plugin say its from Jan 2 2006?
I checked in Seamonkey, Firefox, and Opera, and all of their DLLs are from the same date.
Score: 0
|Ya, it's not apparent. What is apparent is how many ads are .swf files. It's a big vulnerability anytime something like .swf is compromised.
Score: 0
|Also the security announcement doesn't state a priv escalation or if the exploit will just be run at the user's perm levels? Important distinction. One I scramble on, the other I basically ignore.
Score: 0
|Does anyone see architectural issues with a browser plug-in even having the capability of compromising a system?
Score: 0
|Yes. If you're so inclined, you can download 912945 on Windows updates. Then you can see what happens. =)
Effectively, if you give an application the ability to upload or scan your tree, this stuff is inherent.
Score: 0
|Don't forget to de-select the Yahoo toolbar option. It's selected to install by default. Bastiges.
Score: 0
|Sometimes I think Flash vulnerabilities are used for pushing new versions more than anything.
Score: 0
|It definitely seemed that way with the release of Flash 8.
Score: 0
|