TK421
Premium
join:2004-12-19
Canada


edit:
November 6th, @12:51AM

Macromedia Flash Player Vulnerability

Macromedia Flash Player SWF File Handling Arbitrary Code Execution

Secunia Advisory: SA17430
Release Date: -- 2005-11-05

Critical: ------ Highly critical
Impact: -------- System access
Where: --------- From remote
Solution Status: Vendor Patch

Software:
Macromedia Flash Player 6.x
Macromedia Flash Player 7.x

Description:
eEye Digital Security has reported a vulnerability in Macromedia Flash Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to missing validation of the frame type identifier that is read from a SWF file. This value is used as an index in Flash.ocx to reference an array of function pointers. This can be exploited via a specially crafted SWF file to cause the index to reference memory that is under the attacker's control, which causes Flash Player to use attacker-supplied values as function pointers.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been reported in Flash Player version 7.0.19.0 and prior.

Solution:
Update to Flash Player 8 (8.0.22.0) or apply Flash Player 7 update (7.0.61.0 or 7.0.60.0).

Flash Player 8 download:
»www.macromedia.com/shockwave/dow···aveFlash

Flash Player 7 update:
»www.macromedia.com/go/d9c2fe33
More: »www.macromedia.com/devnet/securi···-07.html

Heads up everyone...

[edit] Fixed broken link (thanks Dustyn)
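
The bug class the advisory describes, a value read from a file used unvalidated as an index into an array of function pointers, shown beside the bounds-checked form. This is an added example, not part of the original post and not Flash Player code; the record layout, handler names, error codes and sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record layout for this sketch: [type:1][len:1][body:len]. */
typedef int (*frame_handler)(const uint8_t *body, size_t len);
static int on_show(const uint8_t *b, size_t n)  { (void)b; (void)n; return 1; }
static int on_shape(const uint8_t *b, size_t n) { (void)b; (void)n; return 2; }
static int on_end(const uint8_t *b, size_t n)   { (void)b; (void)n; return 3; }

static const frame_handler handlers[] = { on_show, on_shape, on_end };
#define HANDLER_COUNT (sizeof handlers / sizeof handlers[0])
enum { ERR_BAD_TYPE = -1, ERR_TRUNCATED = -2 };

/* Flawed pattern: the type byte from the file indexes the table directly,
 * so any value >= HANDLER_COUNT fetches a "pointer" from outside the table. */
int dispatch_unchecked(uint8_t type, const uint8_t *body, size_t len) {
    return handlers[type](body, len);
}

/* Hardened pattern: reject unknown types before the table is touched. */
int dispatch_checked(uint8_t type, const uint8_t *body, size_t len) {
    if (type >= HANDLER_COUNT) return ERR_BAD_TYPE;
    return handlers[type](body, len);
}

/* Walk a buffer of records; returns the number handled or a negative error. */
int parse_records(const uint8_t *buf, size_t size) {
    size_t off = 0, handled = 0;
    while (size - off >= 2) {
        uint8_t type = buf[off], len = buf[off + 1];
        off += 2;
        if (len > size - off) return ERR_TRUNCATED;   /* body must fit */
        if (dispatch_checked(type, buf + off, len) < 0) return ERR_BAD_TYPE;
        off += len;
        handled++;
    }
    return (int)handled;
}

/* Constructed sample inputs (not real SWF data). */
const uint8_t sample_ok[]    = { 0, 0,  1, 2, 0xAA, 0xBB,  2, 0 };
const uint8_t sample_bad[]   = { 0, 0,  0x7F, 0 };   /* unknown type 0x7F */
const uint8_t sample_short[] = { 1, 5, 0xAA };       /* length past end  */

int main(void) {
    printf("ok=%d bad=%d short=%d\n", parse_records(sample_ok, sizeof sample_ok),
           parse_records(sample_bad, sizeof sample_bad), parse_records(sample_short, sizeof sample_short));
    return 0;
}
```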


dadkins
Go For It
Premium,MVM
join:2003-09-26
Hercules, CA
Thanks jFly!


Dustyn
Premium
join:2003-02-26
Ontario, CAN

edit:
November 6th, @01:59AM

reply to TK421
First link returns: Error: Page Not Found
I have Flash 8....cool, I'm safe.

chiawaikian

join:2005-08-25
Thanks.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
·Verizon Online DSL

reply to TK421
The correct link for Flash 8 is:

»www.macromedia.com/shockwave/dow···aveFlash
--
If God wanted us to work with electrons, He'd make them big enough to see...

mrsplants

join:2005-10-27
East Falmouth, MA
Do we have to uninstall prev versions or just install 8 over 7? Thanks.


Sith HMP
I Did What?
Premium
join:2004-04-25
Bloomington, IL
·Insight Communicat..

reply to TK421
I used to know how to do this. It seems my brain isn't working today. How do I find out which version of the player I have? I'm pretty sure I updated to 8 when it came out but I would like to be sure. Thank you-Sith
--
I am not as dumb as you think I think I am.


Steely
I used to have OOL
Premium
join:2000-10-15
Princeton Junction, NJ

said by Sith HMP:

How do I find out which version of the player I have?
Try this: »www.macromedia.com/software/flash/about/


alamarco
Haruhi

join:2003-06-18
Windsor, ON
reply to TK421
Thanks for the heads up, I recently upgraded to 8 so I'm safe. I was actually wondering whether or not to upgrade, but good thing I did.


vukodlak75
Nisam Ti Dude
Premium,MVM
join:2001-10-27
Beachwood, OH
reply to TK421
Just updated, thanks.

sharpy merc

join:2003-01-28
England

reply to TK421
One thing to note, after updating don't forget to visit this site and re-set your security settings for FlashPlayer.

»www.macromedia.com/support/docum···r03.html

I would recommend adding the above site to Favorites.


alamarco
Haruhi

join:2003-06-18
Windsor, ON
Thanks for that link, appreciated.


planet

join:2001-11-05
Olmsted Falls, OH
To update:
On IE, can't one go to tools>internet options>settings>view objects>
right click shockwave flash and then click update?


Sith HMP
I Did What?
Premium
join:2004-04-25
Bloomington, IL
reply to Steely
Thank you very much.

Arkszap
Premium
join:2005-01-30
reply to TK421
Thanks for these very useful links, but, like mrsplants, I'd like to know if it's better to uninstall or you just download the new version? Or is it just the same?


Oldjim1

@plus.com
reply to TK421
Interesting foible
checking version in Firefox gave version 7 but checking in IE6 gave version 8 so needed to download new version.
Appears as though IE6 updated itself but not other browsers


TK421
Premium
join:2004-12-19
Canada

reply to Arkszap
For those who have any questions regarding Flash Player installation see Flash Player TechNote.

Previous versions of Macromedia Flash Player should be removed. Uninstall any previous version of Flash Player before using the standalone installer.

Hope that helps.


Shriyash
Sungazer
Premium
join:2005-02-23
PuNe, InDiA

reply to TK421
Yes, it seems that while you can update both Flash player and the Shockwave player in Internet Explorer on the macromedia.com site itself, you STILL need to do a separate download to your PC in the case of updating the players in Firefox.

Hmm, in Firefox, the Shockwave player updated fine, but I am having trouble installing the Flash player. For some reason the installation is not extracting properly. It tells me "extracting to folder..", it goes to 100%, but then it just disappears. (??)
No next prompt.


TK421
Premium
join:2004-12-19
Canada

Macromedia recommends downloading the standalone installer, closing all open browsers, and removing the previous Flash Player version (Windows Add/Remove Programs) before installing version 8.

At least, that worked fine for me with both Firefox and IE.


Shriyash
Sungazer
Premium
join:2005-02-23
PuNe, InDiA
Thanks for the tip jfly, I just went to this site
»www.macromedia.com/software/flash/about/
in Firefox to see which version is showing up, and it is 8.0!