Shostack + Friends Blog Archive


Macromedia Flash Critical Update


There’s apparently a critical flaw in Macromedia Flash 7. (You know, the software that plays annoying ads in your browser?) This affects at least PCs and Macs. Macromedia’s advisory is here. eEye has an advisory which makes it sound like a PC-only issue. Sec-Consult has published PoC code.

It’s unclear to me why, 130 days after eEye reported it, no one could be bothered to get a CVE entry for this. (Via the MSRC blog.)

[Update, private to DM, and, you know, other folks who tell me about these things: Next time you’re telling me about 0day, please make it clear that it’s 0day? I thought you were talking about some old bug and I’d forgotten the details. Thanks!]