New
Critical security advisory was puhlished from FrSIRT, the vulnerability allows remote attackers to execute arbitrary commands.
Details from
http://www.frsirt.com/english/advisories/2005/2317 :
引言回覆:
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-11-05
Technical Description
A critical vulnerability has been identified in Macromedia Flash Player, which may be exploited by remote attackers to execute arbitrary commands. This issue is due to a memory corruption error when validating indexes of certain arrays, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to visit a specially crafted HTML Web page or open a malicious "SWF" Flash file.
About affected versions:
Macromedia Flash Player 7.0.19.0 and prior
SolutionUpgrade to Flash Player version
8.0.22.0 or
7.0.61.0:
http://www.macromedia.com/go/getflashAlso from
http://www.macromedia.com/devnet/securi ... 05-07.html :
引言回覆:
Macromedia recommends all Flash Player 7 and earlier users upgrade to this new version, which can be downloaded from the Macromedia Player Download Center. For customers with operating systems that do not support Flash Player 8 (Microsoft Windows 95, Microsoft Windows NT, or classic Macintosh operating systems), please refer to the Flash Player 7 update TechNote.