  gkweb
join:2003-06-09 76800
| Microsoft Windows Flash Player Code Execution Vulnerabilities
»secunia.com/advisories/20045/
quote: TITLE: Microsoft Windows Flash Player Code Execution Vulnerabilities
SECUNIA ADVISORY ID: SA20045
VERIFY ADVISORY: »secunia.com/advisories/20045/
CRITICAL: Highly critical
IMPACT: System access
WHERE: From remote
OPERATING SYSTEM:
Microsoft Windows 98 »secunia.com/product/12/
Microsoft Windows 98 Second Edition »secunia.com/product/13/
Microsoft Windows Millennium »secunia.com/product/14/
Microsoft Windows XP Home Edition »secunia.com/product/16/
Microsoft Windows XP Professional »secunia.com/product/22/
DESCRIPTION: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
The vulnerabilities exist in the Macromedia Flash Player component distributed with certain versions of Windows.
For more information: SA19218 SA17430
SOLUTION: Apply patches.
Windows XP SP1/SP2: »www.microsoft.com/downloads/deta···2631673A
Windows 98, Windows 98 SE, and Windows ME: Updates for Flash Player 5.x and 6.x are available for download from the Windows Update Web site. Updates for later versions are available from Adobe.
OTHER REFERENCES: SA19218: »secunia.com/advisories/19218/
SA17430: »secunia.com/advisories/17430/
Known issues when installing this security update: »support.microsoft.com/kb/913433
Regards, gkweb. -- DiamondCS beta-tester Ghost security beta-tester Outpost beta-tester Jetico beta-tester Firewall tester : »www.firewallleaktester.com *member of ASAP : Alliance of Security Analysis Professionals* |
|
  SpannerITWks Premium join:2005-04-22 | Thanx + also for your FW reviews !
Spanner |
|
  Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA
| reply to gkweb Isn't this kind of a lousy headline?
This appears to be neither a problem in Windows nor is Microsoft responsible for it - it's a problem with Macromedia Flash.
Or does Microsoft have its own Flash player? -- Stephen J. Friedl Unix Wizard Microsoft Security MVP Tustin, California USA my web site |
|
 dave Premium,MVM join:2000-05-04 not in ohio | "Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system."
It's always Microsoft's fault. Surely you know that? |
|
 OZO Premium join:2003-01-17
| reply to gkweb Windows XP SP2 initially has this registry key: [HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayer\SafeVersions] Looks like Macromedia FlashPlayer is part of OS (at least part of its distribution). -- Keep it simple, it'll become complex by itself... |
|
  Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA
| reply to gkweb Yah, it looks like Microsoft distributed some now-older versions of Flash with the OS, so they're taking responsibility for fixing the problem, but it still appears to be Adobe's bug.
Steve |
|
 Kiwi Premium join:2003-05-26 USA
·Comcast
·Aristotle Internet
| reply to gkweb "[HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayer\SafeVersions]" Though the key has relevance, it's still an insert rather than an actual OS component. It's not really an MS issue. A classic case of a third party screw up, perhaps.
Every third party program creates an MS hole, that's why some people suggest updating more than the OS. Of course some people simply choose to avoid Macromedia and particularly Flash, unless they have a specific need. DreamWeaver has some explaining to do on that front.
Though to be fair it's still worth a mention and a reasonable warning alert. Just not an MS problem, MS gets blamed for enough already without having to deal with the other offenders.
Cheers |
|
  javaMan Premium,MVM join:2002-07-15 San Luis Obispo, CA
| reply to Steve
said by Steve: Isn't this kind of a lousy headline? . . . it's a problem with Macromedia Flash. Or does Microsoft have its own Flash player?
When I read the topic title my first thought was "when did Microsoft release a Flash Player?" -- Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20 |
|
 JRVS
join:2001-06-01 Houston, TX
·Comcast
1 edit | reply to gkweb As a computer consultant, I'd be thrilled if more 3rd parties participated in MU/AU/WSUS. Microsoft's updates are a lot easier to get installed across an enterprise than anyone else's. And because the software to do it is free, I've not yet had an objection from a client about installing it.
Heck, even if I was only responsible for one computer--my own--I'd like to be able to use MU for 3rd party updates.
To date, I only remember seeing driver updates from Intel, Dell, HP and now this Flash security update through MU & WSUS. Anyone else that offers an Internet update feature offers it through the program, one computer at a time, interactive, and with admin permissions required to install it.
Kudos to Microsoft and Adobe for doing this. |
|
  Khaine
join:2003-03-03 Australia
| said by JRVS: As a computer consultant, I'd be thrilled if more 3rd parties participated in MU/AU/WSUS. Microsoft's updates are a lot easier to get installed across an enterprise than anyone else's. And because the software to do it is free, I've not yet had an objection from a client about installing it. Heck, even if I was only responsible for one computer--my own--I'd like to be able to use MU for 3rd party updates. To date, I only remember seeing driver updates from Intel, Dell, HP and now this Flash security update through MU & WSUS. Anyone else that offers an Internet update feature offers it through the program, one computer at a time, interactive, and with admin permissions required to install it. Kudos to Microsoft and Adobe for doing this.
That sounds a lot like what Linux distros do, so it will never happen :P |
|
  gkweb
join:2003-06-09 76800
| About the title, it is not from me. It is simply the email subject of the email I have received from Secunia:
"[SA20045] Microsoft Windows Flash Player Code Execution Vulnerabilities"
I agree it is misleading, as Microsoft themselves claim it is an Adobe bug, not a Windows one:
"Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)"
Regards, gkweb. |
|