[23808] in bugtraq
Shockwave Flash player issue
daemon@ATHENA.MIT.EDU (Peter Santangeli)
Thu Jan 10 23:34:17 2002
Date: 9 Jan 2002 01:44:47 -0000
Message-ID: <20020109014447.17577.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Peter Santangeli <psantangeli@macromedia.com>
To: bugtraq@securityfocus.com
Macromedia was recently informed of a potential
issue with the standalone Macromedia Flash Player
running on Microsoft Windows. This issue does not
affect web content viewed in a browser.
After testing by both Macromedia and Sophos Anti-
virus, the company who initially reported this potential
issue, Macromedia has found that this issue can only
affect content that is sent via email or downloaded
from a site and then run outside a browser.
In either case, the content must be run in a
Macromedia stand-alone Flash Player or associated
Projector executable to represent a risk. This player
is not installed by any browser installation, and is only
installed with the Macromedia Flash authoring
product.
Macromedia appreciates the work of Sophos in
reporting this potential issue, and will be issuing a
patch later this week; a fix will also be included in
future versions of the product.
For more information on the patch please visit:
http://www.macromedia.com/support/flash/.
Macromedia will continue to take potential security
issues very seriously. Security issues concering the
Macromedia Flash player may be mailed to
flashplayer_security@macromedia.com.
Pete Santangeli, Vice President of Engineering,
Macromedia Inc.
