===================================================================== CERT-Renater Note d'Information No. 2005/VULN693 _____________________________________________________________________ DATE : 09/11/2005 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Macromedia Flash Player 7. ====================================================================== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ MPSB05-07 Flash Player 7 Improper Memory Access Vulnerability Learn more: http://www.macromedia.com/go/mpsb05-07 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Summary: A vulnerability in Macromedia Flash Player 7 has been identified that could allow the execution of arbitrary code. ~~~~~~~ Solution: The current version of Macromedia Flash Player (8.0.22.0) contains a fix for the vulnerability. Users who have already upgraded to Flash Player 8 are not affected by this issue. Macromedia recommends all Flash Player 7 and earlier users upgrade to this new version, which can be downloaded from the Macromedia Player Download Center. For customers with operating systems that do not support Flash Player 8 (Microsoft Windows 95, Microsoft Windows NT, or classic Macintosh operating systems), please refer to the Flash Player 7 update TechNote. Macromedia Player Download Center: http://www.macromedia.com/go/getflashplayer Flash Player 7 Update TechNote: http://www.macromedia.com/go/d9c2fe33 ~~~~~~~ Receiving Security Bulletins: When Macromedia becomes aware of a security issue that we believe significantly affects our products or customers, we will notify customers when appropriate. Typically this notification will be in the form of a security bulletin explaining the issue and the response. Macromedia customers who would like to receive notification of new security bulletins when they are released can sign up for our security notification service. For additional information on security issues at Macromedia, please visit: www.macromedia.com/resources/security ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ANY INFORMATION, PATCHES, DOWNLOADS, WORKAROUNDS OR FIXES PROVIDED BY MACROMEDIA IN THIS BULLETIN ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MACROMEDIA AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED OR OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO WARRANTY OF NON-INFRINGEMENT, TITLE OR QUIET ENJOYMENT. (USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. IN NO EVENT SHALL MACROMEDIA, INC. OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, COVER, LOSS OF PROFITS, BUSINESS INTERRUPTION OR THE LIKE, OR LOSS OF BUSINESS DAMAGES, BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF CONTRACT, BREACH OF WARRANTY, TORT(INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF MACROMEDIA, INC. OR ITS SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE EXCLUSION OR LIMITATION MAY NOT APPLY TO YOU AND YOU MAY ALSO HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE. Macromedia reserves the right, from time to time, to update the information in this document with current information. - ---------------------------------------------------------------------------------- ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================