theres an exploit in macromedia flash player 6
read about it here
http://news.zdnet.com/2100-1009_22-898517.html
or just read it here
An exploit has been discovered in Macromedia's Flash player that could let hackers execute malicious code on a user's computer.
According to Macromedia, more than 436 million copies of the Flash player have been downloaded from its site, accounting for 98 percent of Web users.
The exploit appears to have been independently discovered by Macromedia, which has already issued a fixed version of the Flash player, and by security software firm eEye Digital Security, which was credited last year with discovering and naming the Code Red virus.
Marc Maiffret, chief hacking officer at eEye, attributed the Macromedia Flash flaw to a buffer overflow vulnerability connected to an ActiveX control called Flash.ocx. "This attack can be performed via some HTML email clients, as well as when visitors visit malicious Web sites," he said.
EEye said it had confirmed the vulnerability in Flash Version 6, revision 23 which, it said, would "include most installations on Windows". Older versions of Flash could be affected, said eEye, and while the company admitted it had not tested them, it said that people who have an older version of Flash that is not affected may be forced to "upgrade" to the affected version because the OCX is signed by Macromedia.
EEye said it alerted Macromedia on Wednesday, and was told that Macromedia had just released a new revision. "We tried the link they gave us and it did indeed fix the problem," said eEye.
Flash Version 6, revision 29 can be downloaded from here.
EEye said it decided to make the vulnerability public because the signed OCX control has been downloaded "by an untold number of people, and potentially could still be used in an exploit scenario against those without the latest OCX". Furthermore, said eEye, this issue was found in the wild, "and it is not safe to assume it could not be found by others with malicious intent. Nor do we believe it is safe to assume this has not been found by users with malicious intent."
Troy Evans, product manager for Flash player, said the vulnerability only exists in Flash 6, revision 23, and does not affect previous versions of Flash. Revision 23 of the player is the first publicly available version of Flash 6, and was posted for download on Macromedia's site a month ago amid a flurry of publicity.
"The latest studies show we have a 3.3 percent penetration with this player," said Evans. "We have updated the deployment, and people are being redirected to revision 29," he said.
Evans said he had not heard of any reports of the exploit affecting users. "We have been working with eEye, but we did discover this ourselves." Macromedia had no issue with eEye publicising the vulnerability, said Evans. "The general public should be aware of issues that could affect them."
This is not the first security scare with Macromedia Flash. In January, antivirus companies warned PC users that future Macromedia Flash movies could carry malicious viruses and worms after an unknown virus writer sent just such an infectious program to UK antivirus company Sophos. Dubbed SWF/LFM-926, the program did little but infect Flash files on a PC when the movie is played.
The vulnerable code exists in Flash.ocx, which embodies the code
responsible for playing back SWF files. One function maintains a large,
256-element table of function pointers on the stack, and uses a frame
type identifier read from the SWF file as an index into the array,
without enforcing the array boundaries. The following disassembly
depicts the affected code:
.text:1002714F mov eax, [esi+0CA4h] ; type number
.text:10027155 mov ecx, [esi+94h] ; base of table
.text:1002715B lea eax, [ecx+eax*8] ; get element address
.text:1002715E mov ecx, [eax] ;
Although the index is not validated, its value is elsewhere restricted
to be at most 0x8000, so the attacker can cause a function pointer to be
retrieved from memory up to roughly 64KB after the base of the table on
the stack. Typically this range will include heap memory, so by
planting specific data on the heap, the attacker can very easily control
the exact value of the function pointer. Reliable exploitation using
this technique within Internet Explorer has been demonstrated by eEye
Digital Security.
Protection:
Retina Network Security Scanner has been updated to identify this
vulnerability.
Blink - Endpoint Vulnerability Prevention - protects from this
vulnerability.
tools that may come in handy to make a hack for psp flashplayer 6
http://www.gold-software.com/DreamFl...-file5708.html http://www.tomdownload.com/multimedi..._converter.htm
oh yeah be nice to MATTE
Linear Mode
