In association with heise online

13 September 2006, 14:15

Flash player plays back arbitrary program code

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe is releasing new versions of its Flash player software to close several security holes. Attackers could plant arbitrary code on affected computers using prepared Flash files in websites or emails.

Adobe's security advisory does not provide details on the holes, explaining only that input is not properly validated and hence could execute planted code. The updates also close a hole allowing Flash files to circumvent the allowScriptAccess option. Updates for Flash player 7 and 8 are available for Linux and Solaris, and also contain bug fixes for older vulnerabilities.

Adobe is encouraging users to make the switch to Flash player The company is also releasing updates for the older versions, and for those situations where it is not possible to switch to the 9-series. Because the error effects all platforms for which the Flash player is available, administrators should check the player version on all systems and update as needed.

Please see also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit