> No no - you are vulnerable if you *visit* a site that has been hacked.
lol, of course, obviously that too, I wasn't paying attention there for a moment. Good think you pointed that out :) Thanks, Gerrit > -----Original Message----- > From: "Peter B" <[EMAIL PROTECTED]> > Sent: Wednesday 28 May 2008 11:36 > To: "Flash Coders List" <flashcoders@chattyfig.figleaf.com> > CC: > Subject: Re: [Flashcoders] Flash Player security hole > > > > you are only vulnerable if your site is hackable > > No no - you are vulnerable if you *visit* a site that has been hacked. > > 2008/5/28 Gerrit Grobbelaar <[EMAIL PROTECTED]>: > > The UPDATE section here: > > http://www.securityfocus.com/bid/29386/exploit > > > > states that website hacks let the pages forward to the malicious Flash > > files. > > > > So unless you haven't compiled a malicious SWF yourself (which I'm not up > > to speed yet how to do) you are only vulnerable if your site is hackable, > > forcing code onto your site, e.g. via SQL injection, to redirect to > > malicious SWF files hosted elsewhere. > > > > Thanks, > > Gerrit > > > >> -----Original Message----- > >> From: "Bob Wohl" <[EMAIL PROTECTED]> > >> Sent: Wednesday 28 May 2008 00:22 > >> To: "Flash Coders List" <flashcoders@chattyfig.figleaf.com> > >> CC: > >> Subject: Re: [Flashcoders] Flash Player security hole > >> > >> > >> egads! My apologies, I quickly skimmed over it and figured it was the > >> same as last month. > >> > >> > >> B. > >> > >> On Tue, May 27, 2008 at 3:09 PM, Merrill, Jason < > >> > >> [EMAIL PROTECTED]> wrote: > >> > >>have them upgrade to 9.0.124. > >> > > >> > Bob, the article states, "the flaw affects both the recently released > >> > Flash Player version 9.0.124 .0 and version 9.0.115.0" > >> > > >> > Jason Merrill > >> > Bank of America > >> > Global Technology & Operations & Global Risk L&LD > >> > eTools & Multimedia > >> > > >> > Join the Bank of America Flash Platform Developer Community > >> > > >> > Are you a Bank of America associate interested in innovative learning > >> > ideas and technologies? > >> > Check out our internal GT&O Innovative Learning Blog & subscribe. > >> > > >> > > >> > _______________________________________________ > >> > Flashcoders mailing list > >> > Flashcoders@chattyfig.figleaf.com > >> > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders > >> > >> _______________________________________________ > >> Flashcoders mailing list > >> Flashcoders@chattyfig.figleaf.com > >> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders > > > > _______________________________________________ > > Flashcoders mailing list > > Flashcoders@chattyfig.figleaf.com > > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders > > _______________________________________________ > Flashcoders mailing list > Flashcoders@chattyfig.figleaf.com > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders _______________________________________________ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
