Suggest A Fix PC Support Forums > Macromedia Multiple Alert

Suggest A Fix PC Support Forums > Security > Security News and Warnings

Interceptor

Dec 18 2002, 06:10 PM

There were several alerts issued for Macromedia products recently. Listed below are those issues currently being dealt with by the vendor:

Macromedia Flash Malformed Header Vulnerability Issue

Macromedia has recently become aware of a vulnerability where a hand edited malformed Macromedia Flash movie (SWF) header can be exploited to cause a buffer over-write issue which could potentially lead to execution of arbitrary code.

Customers should download the newest download the newest Flash Player as a solution.
*************

This next section addresses two alerts from Macromedia

ColdFusion Server Bug In Parsing XML DTDs May Let Remote Users Crash the Server.

Patch available for web services denial-of-service vulnerability in JRun 4.0 and ColdFusion MX

Web services in JRun 4.0 and ColdFusion MX products are vulnerable to a denial of service attack by passing incorrectly formed messages to the SOAP interfaces exposed by ColdFusion MX and JRun. Both products use an XML parser (either Crimson or Xerces) that can be made to run in an almost infinite loop with this specially formed message - exhausting CPU resources.

For more information and solution go here.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.