Yes, you have to make sure to set the code base in the html for the plugin to the new version: 6.0.40.0. By default it is: 6.0.0.0.

I think this is pretty much already out in the Flash community to drive updating, but it's not really my area, so I'd hate to sound too authoritative on that.

-Vern

> -----Original Message-----
> From: jon hall [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 09, 2002 11:51 AM
> To: CF-Community
> Subject: Re: At least 18 security flaws discovered in Flash
>
> I know you guys will fix it, the problem is that people won't update
> until forced to. Perhaps you guys can do some advocacy with some of
> the larger Flash sites and get them to modify a bit of their html so
> that people get the newest version, or does that happen already even
> if they already have v6?
>
> --
> jon
> mailto:[EMAIL PROTECTED]
>
> Friday, August 9, 2002, 2:46:26 PM, you wrote:
> CL> Check out Mike Chambers' blog for more information on this:
> CL> http://radio.weblogs.com/0106797/2002/08/08.html#a239
>
> CL> Christine
>
> CL> -----Original Message-----
> CL> From: jon hall [mailto:[EMAIL PROTECTED]]
> CL> Sent: Friday, August 09, 2002 1:17 PM
> CL> To: CF-Community
> CL> Subject: At least 18 security flaws discovered in Flash
>
> CL> From Bugtraq:
>
> CL> Macromedia Shockwave Flash Malformed Header Overflow
>
> CL> Release Date: August 8, 2002
>
> CL> Severity:
> CL> High (Remote Code Execution)
>
> CL> Systems Affected:
> CL> Macromedia Shockwave Flash - All Versions;
> CL> Unix and Windows; Netscape and Internet Explorer
>
> CL> Description:
> CL> While working on some pre-release eEye Retina CHAM tools, an exploitable
> CL> condition was discovered within the Shockwave Flash file format called SWF
> CL> (pronounced "SWIF").
>
> CL> Since this is a browser based bug, it makes it trivial to bypass firewalls
> CL> and attack the user at his desktop. Also, application browser bugs allow you
> CL> to target users based on the websites they visit, the newsgroups they read,
> CL> or the mailing lists they frequent. It is a "one button" push attack, and
> CL> using anonymous remailers or proxies for these attacks is possible.
>
> CL> This vulnerability has been proven to work with all versions of Macromedia
> CL> Flash on Windows and Unix, through IE and Netscape. It may be run wherever
> CL> Shockwave files may be displayed or attached, including: websites, email,
> CL> news postings, forums, Instant Messengers, and within applications utilizing
> CL> web-browsing functionality.
>
> CL> Technical Description:
> CL> The data header is roughly made out to:
>
> CL> [Flash signature][version (1)][File Length(A number of bytes too
> CL> short)][frame size (malformed)][Frame Rate (malformed)][Frame Count
> CL> (malformed)][Data]
>
> CL> By creating a malformed header we can supply more frame data than the
> CL> decoder is expecting. By supplying enough data we can overwrite a function
> CL> pointer address and redirect the flow of control to a specified location as
> CL> soon as this address is used. At the moment the overwritten address takes
> CL> control flow, an address pointing to a portion of our data is 8 bytes back
> CL> from the stack pointer. By using a relative jump we redirect flow into a
> CL> "call dword ptr [esp+N]", where N is the number of bytes from the stack
> CL> pointer. These "jump points" can be located in multiple loaded dll's. By
> CL> creating a simple tool using the debugging API and ReadMemory, you can
> CL> examine a process's virtual address space for useful data to help you with
> CL> your exploitation.
>
> CL> This is not to say other potentially vulnerable situations have not been
> CL> found in Macromedia's Flash. We discovered about seventeen others before we
> CL> ended our testing. We are working with Macromedia on these issues.
>
> CL> Protection:
> CL> Retina(R) Network Security Scanner already scans for this latest version of
> CL> Flash on users' systems. Ensure all users within your control upgrade their
> CL> systems.
>
> CL> Vendor Status:
> CL> Macromedia has released a patch for this vulnerability, available at:
> CL> http://www.macromedia.com/v1/handlers/index.cfm?ID=23293&Method=Full&Title=MPSB02%2D09%20%2D%20Macromedia%20Flash%20Malformed%20Header%20Vulnerability%20Issue&Cache=False
>
> CL> Discovery: Drew Copley
> CL> Exploitation: Riley Hassell
>
> CL> Greetings: Hacktivismo!, Centra Spike
>
> CL> Copyright (c) 1998-2002 eEye Digital Security
> CL> Permission is hereby granted for the redistribution of this alert
> CL> electronically. It is not to be edited in any way without express consent of
> CL> eEye. If you wish to reprint the whole or any part of this alert in any
> CL> other medium excluding electronic medium, please e-mail [EMAIL PROTECTED] for
> CL> permission.
>
> CL> Disclaimer
> CL> The information within this paper may change without notice. Use of this
> CL> information constitutes acceptance for use in an AS IS condition. There are
> CL> NO warranties with regard to this information. In no event shall the author
> CL> be liable for any damages whatsoever arising out of or in connection with
> CL> the use or spread of this information. Any use of this information is at the
> CL> user's own risk.
>
> CL> Feedback
> CL> Please send suggestions, updates, and comments to:
>
> CL> eEye Digital Security
> CL> http://www.eEye.com
> CL> [EMAIL PROTECTED]
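
As an added example (not part of the thread or of the eEye advisory), here is a bounds-checked parser for the header layout the advisory sketches; it refuses a file whose declared File Length disagrees with the bytes actually supplied before any frame data is decoded. Field widths follow the public SWF file format for uncompressed `FWS` files only; the function names, status codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum swf_status { SWF_OK, SWF_TRUNCATED, SWF_BAD_SIGNATURE, SWF_LENGTH_MISMATCH, SWF_BAD_RECT };
struct swf_header {
    uint8_t  version;
    uint32_t file_length;             /* File Length field as declared */
    int32_t  xmin, xmax, ymin, ymax;  /* frame size RECT, in twips */
    uint16_t frame_rate, frame_count; /* rate is 8.8 fixed point */
    size_t   header_size;             /* offset of the first tag */
};

/* Read nbits (0..31) MSB-first as a signed value; caller has bounds-checked. */
static int32_t read_sbits(const uint8_t *p, size_t *bit, unsigned nbits) {
    uint32_t v = 0;
    for (unsigned i = 0; i < nbits; i++, (*bit)++)
        v = (v << 1) | ((p[*bit >> 3] >> (7 - (*bit & 7))) & 1u);
    if (nbits && ((v >> (nbits - 1)) & 1u))
        v |= ~0u << nbits;            /* sign-extend */
    return (int32_t)v;
}

enum swf_status swf_parse_header(const uint8_t *buf, size_t len, struct swf_header *h) {
    if (len < 9) return SWF_TRUNCATED;           /* signature, version, length, first RECT byte */
    if (memcmp(buf, "FWS", 3) != 0) return SWF_BAD_SIGNATURE;
    h->version = buf[3];
    h->file_length = buf[4] | buf[5] << 8 | buf[6] << 16 | (uint32_t)buf[7] << 24;
    if (h->file_length != len) return SWF_LENGTH_MISMATCH;  /* e.g. declared too short */
    unsigned nbits = buf[8] >> 3;                /* top 5 bits give the RECT field width */
    size_t rect_bytes = (5 + 4 * (size_t)nbits + 7) / 8;
    if (len - 8 < rect_bytes + 4) return SWF_TRUNCATED;     /* RECT + rate + count */
    size_t bit = 5;
    h->xmin = read_sbits(buf + 8, &bit, nbits);
    h->xmax = read_sbits(buf + 8, &bit, nbits);
    h->ymin = read_sbits(buf + 8, &bit, nbits);
    h->ymax = read_sbits(buf + 8, &bit, nbits);
    if (h->xmin > h->xmax || h->ymin > h->ymax) return SWF_BAD_RECT;
    const uint8_t *q = buf + 8 + rect_bytes;
    h->frame_rate  = (uint16_t)(q[0] | q[1] << 8);
    h->frame_count = (uint16_t)(q[2] | q[3] << 8);
    h->header_size = 8 + rect_bytes + 4;
    return SWF_OK;
}

/* Constructed sample: version 6, 23 bytes, 550x400 px stage, 12 fps, 1 frame, End tag. */
static const uint8_t sample_ok[23] = {
    'F','W','S', 6, 23,0,0,0, 0x78,0x00,0x05,0x5F,0x00,0x00,0x0F,0xA0,0x00,
    0x00,0x0C, 0x01,0x00, 0x00,0x00 };
int main(void) { struct swf_header h; return swf_parse_header(sample_ok, sizeof sample_ok, &h); }
```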
