Security hole found in Flash!


Technodrome
May 4th, 2002, 03:12 PM
Hi to All,

A SECURITY HOLE in the way Macromedia's Flash player handles ActiveX content could allow an attacker to run the code of their choice on vulnerable systems, according to a security advisory published by eEye Digital Security late Thursday. Macromedia is offering a new download of the player which fixes the flaw.

The vulnerability affects the Flash.ocx ActiveX component of the Flash player version 6 revision 23, and may affect earlier versions as well, Aliso Viejo, California-based eEye said in its alert. The Flash.ocx component is installed with Internet Explorer, as well as with the Flash player, eEye said.

A buffer overflow in Flash.ocx could allow an attacker to run code of their choice on a vulnerable system when a user reads an HTML (Hypertext Markup Language)-formatted e-mail containing attack code, visits a Web site with attack code in it or uses Internet Explorer to display any other third-party HTML, eEye said.

EEye said that Macromedia, based in San Francisco, was already aware of the issue when it contacted the company and that the latest version of the Flash player fixed the flaw. Users should upgrade to the latest version of the Flash player, version 6 revision 29, eEye said.

The updated Flash player can be downloaded at http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash.

source: infoworld

Technodrome

snowman
May 5th, 2002, 01:35 AM
ok this one has me confused.......the link posted above leads to a download of the "flash" for Netscape 4.7 ....a further search of the website revealed a "flash" download for Internet explorer-Aol .....but there are no revision numbers listed........so which..what download is correct???

I use IE.....netscape is also on my computer....does this mean I need to download "two" different versions....or....is one download of the update workable on both IE and Netscape?

snowman

any wonder why people are frustrated with downloading updates..........this one has me feeling like not even wasting my time.

snowman
May 5th, 2002, 01:41 AM
To heck with it.....in less than one minute I un-installed macromedia out of my os.....was sure a lot easier than trying to sort through the confusion

snowman

Technodrome
May 5th, 2002, 02:22 PM
If you open this link in IE you will download Flash player update for IE. If you wish to download it for Netscape then open it in Netscape.

I use IE and I got this:
Download Time Estimate: 1 minute @ 56K modem
Version: 6,0,29,0 -------------> Version of Flash Player
Platform: Windows
Browser: Internet Explorer
File size: 383 K
Date Posted: 5/1/2002 -----> The most recent version
Language: English

You need to download it separately for each browser!


Technodrome

spy1
May 5th, 2002, 03:26 PM
Hi, snowman!

I noticed when I did it that Netscape was a little more bothersome to do (might be because I'm running an older version). I had to d/l the file to the desktop, click on it there to get it to install, etc., etc.

It was also interesting to note that apparently it knew Opera was on my computer, because it had both Opera and Netscape highlighted as being programs that were going to get the updated Flash. (Opera wasn't running at the time). Went ahead and did the update and now all three browsers are (supposedly) covered - I did IE separately. HTH Pete

snowman
May 5th, 2002, 04:19 PM
TECH and SPY1

Thanks guys.....a little help from some of you guys did the trick.........

this was the most troublesome download I've made so far this year.....in part because of me...the download site could not "see" that I am using internet explorer.....and kept offering the install for netscape

once you guys posted replies I realized that it had to be my settings causing the problem....it was. and the install for internet explorer is now complete.....also have downloaded the install for netscape and will install it later...this mess made my head hurt LOL

Pete that's rather odd that it could "see" opera...but fortunate that it did.

my first reaction was wondering how many users would download the wrong install and then think they were safe....either by not knowing that each browser needed a replacement....or by being directed to the wrong install as in my case....(which I admit was my error..caused by computer settings) ...when all the company needs to do is place a small notice saying that separate installs are needed.

well..anyone reading this thread will know now....so some good came of this.

again..my thanks...if not for your replies I would have not made the upgrades...and just left it un-installed in my os.

snowman