Security hole in Flash player could run attack code

A security hole in the way Macromedia Inc.’s Flash player handles ActiveX content could allow an attacker to run the code of their choice on vulnerable systems, according to a security advisory published by eEye Digital Security Inc. late Thursday. Macromedia is offering a new download of the player that fixes the flaw.

The vulnerability affects the Flash.ocx ActiveX component of the Flash player version 6 revision 23, and may affect earlier versions as well, Aliso Viejo, California, eEye said in its alert. The Flash.ocx component is installed with Internet Explorer, as well as with the Flash player, eEye said.

A buffer overflow in Flash.ocx could allow an attacker to run code of their choice on a vulnerable system when a user reads an HTML (Hypertext Markup Language) -formatted e-mail containing attack code, visits a Web site with attack code in it or uses Internet Explorer to display any other third party HTML, eEye said.

EEye said that Macromedia, based in San Francisco, was already aware of the issue when it contacted the company and that the latest version of the Flash player fixed the flaw. Users should upgrade to the latest version of the Flash player, version 6 revision 29, eEye said.

The updated Flash player can be downloaded at http://sdc.shockwave.com/shockwave/download/frameset.fhtml?P1_Prod_Version=ShockwaveFlash/.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now