
Get your Flash patch here...
Published: 12 August 2002 15:45 GMT
By Matthew Broersma
Two flaws have been discovered in Macromedia's Flash Player that could leave PCs open to attack.
Macromedia has warned that its Flash Player, a ubiquitous application for playing multimedia files, has a vulnerability that could allow attackers to run malicious code on Windows and Unix-based operating systems.
Separately, researchers have discovered a flaw in the player that could allow an attacker to read files on a user's local hard drive.
The software flaws are serious because the Flash Player is so widespread. Macromedia estimates that more than 90 per cent of PCs are capable of playing Flash content.
The file-execution vulnerability, discovered by EEye Digital Security, uses a modified header in a SWF movie file to create a buffer overrun in Flash Player.
Macromedia noted that the malformed headers could only be created by hand-editing the file with a binary editing tool, and could not be created by the Flash authoring tool.
This flaw affects all versions of Flash Player on Windows and Unix-based platforms before 6,0,40,0, according to Macromedia.
It does not require a browser, but can work through any application capable of reading embedded SWF files, including emails and instant messages, according to EEye.
The bug has been fixed in the latest software update, available on Macromedia's website.
In a separate notification issued last week, Holland-based programmer Jelmer Kuperus warned that a flaw in the XML functionality of Flash Player 6, and possibly other versions, could allow an attacker to read files on a user's hard drive. The flaw allows an attacker to use several techniques to trick a browser into displaying local files, according to Kuperus.
This bug has been fixed in Flash Player versions 6,0,47,0 and newer. The latest versions of Flash players for all platforms are available on Macromedia's player download page: http://www.macromedia.com/shockwave/download/alternates/
Matthew Broersma writes for ZDNet.co.uk
Copyright © 2008 CBS Interactive Limited. All rights reserved.