In association with heise online

20 March 2008, 12:36

Security hole in Adobe's Flash Basic, Professional and CS3

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe has confirmed a security hole in Flash Basic, Professional and Creative Suite 3 Professional through which malicious code can be infiltrated using manipulated .fla files. .fla files contain the source text for Flash animations.

Neither Fortinet, which discovered the hole, nor Adobe itself, is releasing technical details. A hacker named cocoruder has however explained in an e-mail to the Full Disclosure mailing list that changing some addresses in a .fla file sends the Adobe software astray, enabling outside code to be called.

Adobe has confirmed the hole in Flash Basic 8, Flash Professional 8 und CS3 Professional and has announced a fix for coming versions. According to cocoruder, however, the vulnerabilities also affect Macromedia Flash MX 2004. The Mac versions of Flash Basic and Professional are apparently not susceptible. Users who download .fla files from the net should make sure they only open files from trusted sources.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit