Macromedia has warned that its Flash Player, a ubiquitous application for playing multimedia files, has a vulnerability that could allow attackers to run malicious code on Windows and Unix-based operating systems. . .
Macromedia has warned that its Flash Player, a ubiquitous application for playing multimedia files, has a vulnerability that could allow attackers to run malicious code on Windows and Unix-based operating systems.

Separately, researchers discovered a flaw in the player that could allow an attacker to read files on a user's local hard drive. The software flaws are serious because the Flash Player is so widespread. Macromedia estimates that more than 90 percent of PCs are capable of playing Flash content.

The file-execution vulnerability, discovered by EEye Digital Security, uses a modified header in a SWF movie file to create a buffer overrun in Flash Player. Macromedia noted that the malformed headers could only be created by hand-editing the file with a binary editing tool, and could not be created by the Flash authoring tool.

The link for this article located at ZDNet is no longer available.