Article

Critical flaws found in Excel, Flash Player

Bill Brenner

IT shops that manage systems running Microsoft Excel and Adobe Systems Inc.'s Macromedia Flash Player should take precautions against new, critical security holes in those programs, the French Security Incident Response Team (FrSIRT) warned Thursday. Attackers could exploit the flaws to take control of affected machines and launch malicious commands.

In its

    Requires Free Membership to View

advisory on the Excel flaw, FrSIRT said the problem is a memory corruption error that appears "when handling or repairing a document with overly long styles." Attackers could exploit this "to execute arbitrary commands by convincing a user to open and repair a specially crafted Excel file," the firm added.

Unlike other recent Excel/Office flaws, this issue only affects Asian language (Japanese, Korean, and Chinese) versions of the product, FrSIRT said. Specifically, the problem affects Excel 2000, 2002, 2003; and Office 2000, XP and 2003.

Tuesday, Microsoft plans to patch security holes in Excel and Office. The fix is expected to address newer flaws that surfaced in the last month, including a zero-day flaw that has been actively exploited.

In its advisory on the Macromedia Flash Player flaw, FrSIRT outlined two problems:

  • Improper memory access errors that occur when malformed .swf files are processed. Attackers could exploit this to launch malicious commands by tricking a user into visiting a malicious Web page.

  • An unspecified error that occurs when malformed .swf files are handled. Attackers could exploit the flaw by using malicious Web sites to crash a Web browser linked to a vulnerable player.

    The flaws affect Macromedia Flash Player 8.0.24.0 and prior versions. The solution is to upgrade to Flash Player version 9.0.16.0.


  • There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: