Adobe Flash Player fails to properly handle malformed SWF files resulting in a memory corruption vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.
Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. The SWF file format is used by Adobe Flash multimedia files. See the Adobe File Format Specification FAQ for more information on the SWF file format.
Adobe Flash Player fails to properly handle malformed SWF files. If a remote attacker can persuade a user to access a specially crafted SWF file, system memory may be corrupted in a way that may allow an attacker to execute arbitrary code.
A remote attacker with the ability to supply a specially crafted SWF file to a vulnerable host may be able to execute arbitrary code on that system. The attacker-supplied code would be executed with the privileges of the user opening the file.
Upgrade Flash Player
Disable Adobe Flash Player in your web browser
This vulnerability was reported by Haifei Li of the Fortinet Security Research Team.
This document was written by Jeff Gennari.
|Date First Published:||2006-07-13|
|Date Last Updated:||2006-11-14 21:25 UTC|