(ALISO VIEJO, CA) August 8, 2002
Flaw would enable malicious intruders to bypass firewalls and attack Windows & Unix users at the desktop level
For further information and a technical description of the advisory please visit:
http://eeye.com/html/Research/Advisories/AD20020808b.html
eEye Digital Security recently discovered an exploitable condition within the Shockwave Flash file format (SWF). This browser-based flaw allows sophisticated attackers to exploit users based on the websites they visit, newsgroups they read, or the mailing lists they frequent.
The vulnerability in Flash is exposed via a malformed header, created by the attacker, that supplies more frame data than the decoder is expecting and enables a user's system to be compromised. This "one button" push attack makes all versions of Macromedia Flash on Windows and Unix vulnerable, through Microsoft Internet Explorer and Netscape. Essentially, wherever Shockwave files may be displayed or attached, the vulnerability exists.
eEye urges all users to download and install the latest patch immediately. The patch is available from the Macromedia website, http://www.macromedia.com.
To detect whether your network may be affected by this vulnerability, eEye Digital Security also recommends using Retina® Network Security Scanner to ensure that users are running an updated version of Shockwave Flash. A free trial of Retina is available at the eEye website, http://www.eeye.com.
About eEye Digital Security
eEye Digital Security® is pioneering a new class of security products: integrated threat management. This next generation of security detects vulnerabilities and threats, prevents intrusions, and protects all of an enterprise’s key computing resources, from endpoints to network assets to web sites and web applications, all while providing a centralized point of security management and network visibility. eEye’s research team is consistently the first to identify new threats in the wild, and our products leverage that research to deliver on the goal of making network security as easy to use and reliable as networking itself. Founded in 1998 and headquartered in Orange County, California, eEye Digital Security protects more than 9,000 corporate and government organizations worldwide, including half of the Fortune 100. For more information, please visit www.eeye.com.
Primary Agency Contact
Victor Cruz
MediaPR
(508) 655-4397 eEye@mediapr.net
EMEA Agency Contact
Ralph Klöwer
INTERFACE Relations
+49 (0) 89-552 688-66 r.kloewer@interface.pr.de
Corporate Contact
Stacy Newman
eEye Digital Security
(949) 900-4131 press@eEye.com
