Macromedia Flash Malformed Header Vulnerability Issue

Summary
Macromedia has recently become aware of a vulnerability where a hand edited malformed Macromedia Flash movie (SWF) header can be exploited to cause a buffer over-write issue which could potentially lead to execution of arbitrary code.

Issues
This can only occur with Macromedia Flash movies (SWF) that have been hand edited with a binary editor; Macromedia Flash the authoring tool will not output movies with this vulnerability.

Solution
Customers should follow the recommendations found in this bulletin and download the latest Macromedia Flash Player. More...

Download Macromedia Flash Player 6

This does include the Flash Player 6 that is included in Netscape 7.0/7.01. Users of Netscape 7.0/7.01 can also install a patch for flashplayer at http://www.hmetzger.de/net7comp.html - this is for all users of Netscape 7.x.

EDIT: Note that the site for Holger's patch is in German. This is roughly the Translated page:
---

Netscape 7,01 Compact

News:
19.12.02: Safety update! Macromedia announces a heavy safety problem with Flashplayer. By this nose also Netscape 7,01 Compact is concerned. At the gap to close I offer a 400kb Patch Install.

You must have this Preference enabled to install the flash.xpi file:
Edit|Advanced|Software Installation

It is recommended however, to use the official update program so that ALL flashplayers on your system, including the one for IE are updated to the latest version.

Ramona

 

You can also download from this page, if your browser isn't detected automatically.

(one for the bookmarks...)
http://www.macromedia.com/shockwave/download/alternates/


[b/]tranquilo[/b]