12 September 2006
Vulnerability proven in Flash
A critical vulnerability has been disclosed in the Adobe and Macromedia Flash Player.
The vulnerability allows an attacker to take control of a user's system by inserting malicious code in a web site using Flash. Flash does not correctly handle large dynamic strings at run time. Using rather basic ActionScript, a movie can be created in such a way that it overwrites system memory. This allows for heap and stack overwrites, among other things.
Users can be a little relieved that this is not currently exploited on the Internet and was only discovered as a proof of concept. That does not mean, though, that now that it is known someone won't try to create an exploit.
Thankfully, users with the latest version of the Flash Player do not need to worry; it has been fixed already. However, those who are still running an older version should consider updating.
Labels: flash, internet, vulnerability