Flash flaw opens Windows for attack

Macromedia has warned that its Flash Player, a ubiquitous application for playing multimedia files, has a vulnerability that could allow attackers to run malicious code on Windows and Unix-based operating systems.

Separately, researchers discovered a flaw in the player that could allow an attacker to read files on a person?s local hard drive.

The software flaws are serious because the Flash Player is so widespread. Macromedia estimates that more than 90 percent of PCs are capable of playing Flash content.

The file-execution vulnerability, discovered by eEye Digital Security, uses a modified header in a SWF movie file to create a buffer overrun in Flash Player. Macromedia noted that the malformed headers could only be created by hand-editing the file with a binary editing tool, and could not be created by the Flash authoring tool.

This flaw affects all versions of Flash Player on Windows and Unix-based applications before 6,0,40,0, according to Macromedia. It does not require a browser, but can work through any application capable of reading embedded SWF files, including e-mail and instant messages, according to eEye.

The bug has been fixed in the latest software update, which is available on Macromedia's Web site.

In a separate notification issued last week, Holland-based programmer Jelmer Kuperus warned that a flaw in the XML functionality of Flash Player 6, and possibly other versions, could allow an attacker to read files on a person?s hard drive. The flaw allows an attacker to use several techniques to trick a browser into displaying local files, according to Kuperus.

This bug has been fixed in Flash Player versions 6.0 and newer. The latest versions of Flash Players for all software are available on Macromedia's player download page.

Matthew Broersma reported from London.