Adobe fixes critical Flash vulnerabilities

Security holes affect both Windows and Mac OS X media players

News Story by Robert McMillan

MARCH 15, 2006 (IDG NEWS SERVICE) - Adobe Systems Inc. has patched a number of critical vulnerabilities in its Flash media player that could be used by attackers to take over affected systems. The bugs are severe enough that Microsoft Corp., which distributes the Flash software with its Windows operating system, has also warned its customers of the issue.

Attackers could theoretically exploit the bugs by tricking a user into loading a maliciously encoded Flash movie file, which would have a .swf extension, Adobe said in its advisory, which was posted yesterday.

The vulnerabilities can be found in Flash Player Version 8.0.22 or earlier; Breeze Meeting, Version 5.1 and earlier; as well as the Shockwave player, Version 10.1.0.11 and earlier.

Adobe's advisory credits Microsoft with discovering the vulnerabilities, but both the Windows and the Mac OS X operating systems are affected by the problem, according to Adobe.

The Flash format is a popular technology used for viewing and designing Web animation, and the Flash Player is widely distributed as a plug-in component for Web browsers. Flash was developed by Macromedia Inc., which Adobe acquired last year.

Microsoft's security advisory can be found on its TechNet site.

-source[computerworld]