Adobe fixes critical Macromedia flaws

By Eric B. Parizo, News Editor 15 Mar 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Adobe Systems Inc. released software updates Tuesday that address high priority vulnerabilities in several of its multimedia products.

The San Francisco-based vendor said flaws in its Flash Player, Breeze Meeting Add-In, Shockwave Player and Flash Debut Player could allow an attacker to take control of affected systems.

In order for the vulnerability to be exploited, Adobe said, a malicious Shockwave Flash object (.swf) file must be loaded by a user. The specific software versions affected include:

• Flash Player versions 8.0.22.0 and earlier
• Breeze Meeting Add-In Version 5.1 and earlier
• Shockwave Player version 10.1.0.11 and earlier
• Flash Debug Player version 7.0.14.0 and earlier

Abobe's bulletin stated that the vulnerabilities could be accessed through content delivered from a remote location via the user's Web browser, e-mail client or other applications that make use of Flash Player.

The vendor rates the severity of the flaws as critical, and recommends affected users update immediately to newly available versions of its software, which can be downloaded via its Web site.

Adobe credited Microsoft for reporting the vulnerabilities.

These new fixes come just a few weeks after Adobe patched a critical Shockwave flaw that resided in the player's ActiveX installer.

Tags: Web Application Security,  Application Attacks (Buffer Overflows, Cross-Site Scripting),  Securing Productivity Applications,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web Application Security Preventing SQL injection attacks: A network admin's perspective Cisco acquires SaaS security vendor ScanSafe Web application firewall use goes beyond compliance, company finds Gumblar Trojan drive-by exploits spike following Adobe update Some Facebook applications lead to Russian attack sites Barracuda acquires Purewire expanding Web security reach An enterprise strategy for Web application security threats Scanning with N-Stalker offers basic Web application security assessment Attackers target PDF, DirectShow flaws with malicious banner ads New Bahama botnet evades search engines, fuels click fraud Application Attacks (Buffer Overflows, Cross-Site Scripting) Adobe warns of critical update for Reader, Acrobat 9.1.3 9 Ways to Improve Application Security After an Incident Developers Need Help with Security Errors Buffer overflow tutorial: How to find vulnerabilities, prevent attacks SQL injection protection: A guide on how to prevent and stop attacks Experts rebuke programmers who use SQL injection as feature SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches SSH key compromise shuts down Apache website IBM finds sharp spike in malicious content on trusted sites Application Attacks (Buffer Overflows, Cross-Site Scripting) Research Securing Productivity Applications How to detect software tampering Adobe fixes 29 flaws in Acrobat, Reader Adobe warns of critical update for Reader, Acrobat 9.1.3 Why should we place data files on a separate partition than the OS? Adobe updates ColdFusion, JRun, Flex Serious Adobe Flash flaw being exploited Adobe acknowledges serious Flash zero-day vulnerability Adobe issues security advisory for Flash zero-day flaw When to use the service features of the Metasploit hacking tool How to manage patches for Adobe

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary anonymous Web surfing  (SearchSecurity.com) buffer overflow  (SearchSecurity.com) cache cramming  (SearchSecurity.com) cookie poisoning  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) National Computer Security Center  (SearchSecurity.com) threat modeling  (SearchSecurity.com) trigraph  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary