GUYA.NET

FLA is one of these file format that we’re used to freely open without any fear. Our complete confidence is going to change since a new exploit has been found. This exploit enable an attacker to manipulate an FLA file in a way that, when loaded into the Flash CS3 or 8 IDE, it will execute arbitrary code on our machine.

No need to panic, it’s unlikely that too many of the malicious FLA files are floating around. Just don’t run any untrusted FLA files until Adobe will issue the fix.

More info

Technical info

Related posts:

1. Bug in Internet Explorer security model when embedding Flash
2. Mysteries Flash exploit is hijacking the clipboard?
3. Encapsulating CSRF attacks inside massively distributed Flash movies – Real world example
4. Thanx for not killing the Flash clipboard
5. XP SP3 downgrade the Flash Player

This entry was posted on Thursday, March 20th, 2008 at 9:08 pm and is filed under Flash CS3, Flash General, Flash Security, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.