~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ IMPORTANT: Two security issues that may affect Macromedia Flash Player have come to our attention recently. To learn about these new issues and what actions you can take to address them, Please visit the Security Zone at the Macromedia Web site: http://www.macromedia.com/security ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ MPSB02-10 - Macromedia Flash URL Modification Issue http://www.macromedia.com/v1/handlers/index.cfm?ID=23294 Originally posted: August 8, 2002 Last updated: August 8, 2002 Summary Macromedia has received a report of vulnerability in the Flash Player that could allow maliciously authored Flash content, working in conjunction with other content on a Web server, to read the contents of files from the local file systems of Flash Player users, and send those contents back to Web servers without users' consent or knowledge. This vulnerability is limited to files whose locations and names are known or guessed ahead of time by attackers. An attacker would have to entice the user to a site under his control to exploit this vulnerability. This vulnerability can never be used to modify or delete local files. All Macromedia Flash Players are affected. Macromedia has released new versions of all Flash Players fixing this issue; see below. ~~~~~~~~~~~~~ Issues ActionScript in Flash movies can make requests to load data directly from files. A common usage of this ability is loading XML files from Web servers. As a security measure, the Flash Player prevents Flash movies from loading data that originates outside the web domain from which the movie was served. This restriction naturally extends to files from local file systems. The present vulnerability could allow malicious content to bypass this same-domain restriction by loading data from URLs that are modified during HTTP negotiation, for example by HTTP redirects. Data loaded in this way could be sent back to the server from which the malicious Flash content was served. This vulnerability also existed in the Netscape and Internet Explorer browsers, fixed in February and May of 2002 respectively. Internet Explorer for the Mac has not been addressed; Macromedia is working with Microsoft to ensure that this issue is addressed in the near future. ~~~~~~~~~~~~~ Solution Customers should download the newer Macromedia Flash Player immediately. Macromedia Flash content authors should read the following technote: http://www.macromedia.com/support/flash/ts/documents/load_xdomain.htm. ~~~~~~~~~~~~~ What Macromedia Is Doing Macromedia has isolated the issue and released an updated player (6,0,47,0) which is available for download on the Macromedia Player Download Center (http;//www.macromedia.com/go/getflashplayer/). Macromedia’s solution to this problem is generalized: the updated Flash Players detect all situations in which URLs are modified from their original form. This means that if additional methods of causing URL modification are discovered, they will not enable attackers to bypass the security rules of the Flash Player. Macromedia is committed to the security of the Macromedia Flash Player, and invests considerable ongoing effort to ensure that the security and privacy of all Macromedia Flash Player users and all websites serving Macromedia Flash content are protected. Macromedia worked together with an external developer to verify and fix this issue. Both are committed to security for their customers. Macromedia Shockwave Player includes a “Flash Asset Xtra” that enables the playback of Macromedia Flash files within Shockwave content. This Flash Asset Xtra is also affected by the issue noted above. It will be updated based upon the revised player (6,0,47,0) and included in an updated release of Shockwave Player. The exact date of this release will be forthcoming shortly. ~~~~~~~~~~~~~ Revisions August 8, 2002 - Bulletin first released. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ MPSB02-09 - Macromedia Flash Malformed Header Vulnerability Issue http://www.macromedia.com/v1/handlers/index.cfm?ID=23293 Originally posted: August 8, 2002 Last updated: August 8, 2002 Summary Macromedia has recently become aware of a vulnerability where a hand edited malformed Macromedia Flash movie (SWF) header can be exploited to cause a buffer over-write issue which could potentially lead to execution of arbitrary code. ~~~~~~~~~~~~~ Issues This can only occur with Macromedia Flash movies (SWF) that have been hand edited with a binary editor; Macromedia Flash the authoring tool will not output movies with this vulnerability. ~~~~~~~~~~~~~ Solution Customers should follow the recommendations found in this bulletin and download the newer Flash Player when it is available. ~~~~~~~~~~~~~ What Macromedia Is Doing Macromedia has isolated the issue and released an updated player (6,0,40,0) which is available for download on the Macromedia Player Download Center (at (http;//www.macromedia.com/go/getflashplayer/). Macromedia is committed to the security of the Macromedia Flash Player, and invests considerable ongoing effort to ensure that the security and privacy of all Macromedia Flash Player users and all websites serving Macromedia Flash content are protected. Macromedia worked together with eEye Digital Security to verify and fix this issue. Both companies are committed to security for their customers. ~~~~~~~~~~~~~ What Customers Should Do Customers should follow the recommendations found in this bulletin and download the newer Flash Player. ~~~~~~~~~~~~~ Revisions August 8, 2002 - Bulletin first released. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Reporting Security Issues Macromedia is committed to addressing security issues and providing customers with the information on how they can protect themselves. If you identify what you believe may be a security issue with a Macromedia product, please send an email to securemacromedia.com. We will work to appropriately address and communicate the issue. ~~~~~~~ Receiving Security Bulletins When Macromedia becomes aware of a security issue that we believe significantly affects our products or customers, we will notify customers when appropriate. Typically this notification will be in the form of a security bulletin explaining the issue and the response. Macromedia customers who would like to receive notification of new security bulletins when they are released can sign up for our security notification service. For additional information on security issues at Macromedia, please visit the Security Zone at: http://www.macromedia.com/security ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ THE INFORMATION PROVIDED BY MACROMEDIA IN THIS BULLETIN IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MACROMEDIA AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED OR OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO WARRANTY OF NON-INFRINGEMENT, TITLE OR QUIET ENJOYMENT. (USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. IN NO EVENT SHALL MACROMEDIA, INC. OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, COVER,LOSS OF PROFITS, BUSINESS INTERRUPTION OR THE LIKE, OR LOSS OF BUSINESS DAMAGES, BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF MACROMEDIA, INC. OR ITS SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE EXCLUSION OR LIMITATION MAY NOT APPLY TO YOU AND YOU MAY ALSO HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE. Macromedia reserves the right, from time to time, to update the information in this document with current information.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]