 TK421Premium
join:2004-12-19
Canada
2 edits | Macromedia Flash Player Vulnerability Macromedia Flash Player SWF File Handling Arbitrary Code ExecutionSecunia Advisory: SA17430 Release Date: -- 2005-11-05 Critical: ------ Highly critical Impact: -------- System access Where: --------- From remote Solution Status: Vendor Patch Software: Macromedia Flash Player 6.x Macromedia Flash Player 7.x Description:eEye Digital Security has reported a vulnerability in Macromedia Flash Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to missing validation of the frame type identifier that is read from a SWF file. This value is used as an index in Flash.ocx to reference an array of function pointers. This can be exploited via a specially crafted SWF file to cause the index to reference memory that are under the attackers control, which causes Flash Player to use attacker supplied values as function pointers. Successful exploitation allows execution of arbitrary code. The vulnerability has been reported in Flash Player version 7.0.19.0 and prior. Solution:Update to Flash Player 8 (8.0.22.0) or apply Flash Player 7 update (7.0.61.0 or 7.0.60.0). Flash Player 8 download:
»www.macromedia.com/shockwave/dow···aveFlash
Flast Player 7 update:
»www.macromedia.com/go/d9c2fe33 More: »www.macromedia.com/devnet/securi···-07.html
Heads up everyone... 
[edit] Fixed broken link (thanks Dustyn  ) |
|
 dadkinsCan you do Blu?Premium,MVM
join:2003-09-26
Hercules, CA
kudos:18 | Thanks jFly! |
|
|
|
 DustynPremium
join:2003-02-26
Ontario, CAN
kudos:7
2 edits | reply to TK421
First link returns: Error: Page Not Found
I have Flash 8....cool, I'm safe.  |
|
| Thanks.  |
|
 BlackbirdBuilt for SpeedPremium
join:2005-01-14
Fort Wayne, IN
kudos:2
 ·Frontier Communi..
| reply to TK421
The correct link for Flash 8 is:
»www.macromedia.com/shockwave/dow···aveFlash
--
If God wanted us to work with electrons, He'd make them big enough to see... |
|
| Do we have to unistall prev versions or just install 8 over 7? thanks. |
|
 Sith HMPI Did What?Premium
join:2004-04-25
Bloomington, IL | reply to TK421
I used to know how to do this. It seems my brain isn't working today. How do I find out which version of the player I have. I'm pretty sure I updated to 8 when it came out but I would like to be sure. Thank you-Sith
--
I am not as dumb as you think I think I am. |
|
 SteelyI rise when the sun goes downPremium
join:2000-10-15
Princeton Junction, NJ
kudos:1 | said by Sith HMP:How do I find out which version of the player I have. Try this: »www.macromedia.com/software/flash/about/ |
|
 alamarcoThe Amazing Spider-ManPremium
join:2003-06-18
Windsor, ON | reply to TK421
Thanks for the heads up, I recently upgraded to 8 so I'm safe. I was actually wondering whether or not to upgrade, but good thing I did . |
|
 vukodlak75Nisam Ti DudePremium,MVM
join:2001-10-27
Beachwood, OH | reply to TK421
Just updated, thanks. |
|
| reply to TK421
One thing to note , after updating dont forget to vist this site and re-set you securtiy settings for FlashPlayer.
»www.macromedia.com/support/docum···r03.html
I would recommend adding the above site to Favories. |
|
alamarcoThe Amazing Spider-ManPremium
join:2003-06-18
Windsor, ON | Thanks for that link, appreciated. |
|
 planet
join:2001-11-05
Oz
kudos:1 | To update:
On IE, can't one go to tools>internet options>settings>view objects>
right click shockwave flash and then click update? |
|
Sith HMPI Did What?Premium
join:2004-04-25
Bloomington, IL | reply to Steely
Thank you very much. |
|
| reply to TK421
Thanks for these very useful links,but ,like mrsplants,i'd like to know if it's better to uninstall or you just download the new version ? Or is it just the same? |
|
| reply to TK421
Interesting foible
checking version in Firefox gave version 7 but checking in IE6 gave version 8 so needed to download new version.
Appears as though IE6 updated itself but not other browsers |
|
TK421Premium
join:2004-12-19
Canada | reply to Arkszap
For those who have any questions regarding Flash Player installation see Flash Player TechNote.
Previous versions of Macromedia Flash Player should be removed. Uninstall any previous version of Flash Player before using the standalone installer.
Hope that helps. |
|
 iam xSungazerPremium
join:2005-02-23
ॐ | reply to TK421
yes, it seems that while you can update both Flash player and the Shockwave player in Internet explorer on the macromedia.com site itself, you STILL need to do a seperate download to your pc in the case of updating the players in Firefox.
hmm, in firefox , the shockwave player updated fine, but i am having trouble installing the flash player. for some reason the installation is not extracting properly. it tells me "extracting to folder..", it goes to 100%, but then it just dissapears.(??)
no next prompt. |
|
TK421Premium
join:2004-12-19
Canada | Macromedia recommends downloading the standalone installer, closing all open browsers, and removing previous Flash Player version (Windows Add/Remove Programs) before installing the version 8.
At least, that worked fine for me with both Firefox and IE. |
|
iam xSungazerPremium
join:2005-02-23
ॐ | Thanks for the tip jfly, i just went to this site
»www.macromedia.com/software/flash/about/
in Firefox to see which version is showing up, and it is 8.0! |
|
