Re: [Flashcoders] Flash security issue

2009-08-24 Thread Bill Jones 
My apologies for not getting back sooner. I have been pulled away from this
temporarily to put out another fire. But I was wondering if this will work
if the swf calls other swf files and video as well?

Will the wrapper throw off the scope to the other support files?


On 8/21/09 11:14 AM, "Gregory Boland"  wrote:

> thats why i'm saying create a wrapper file for that swf.  take the swf that
> is given to you from ad wonder and import it into a .fla file.  then make an
> .exe file out of that.
> 
> On Fri, Aug 21, 2009 at 10:13 AM, Bill Jones wrote:
> 
>> Unfortunately, AdWonder controls the entire process. It builds the files
>> and
>> I simply download a stuffit file that contains the html, swf and support
>> files.
>> 
>> 
>> On 8/21/09 10:08 AM, "Gregory Boland"  wrote:
>> 
>>> create an .exe file so that when you run it from a CD you can run it
>>> standalone.  Not sure about what your using, if it allows you to do that
>> but
>>> maybe if you create a wrapper swf and load the other swf into your
>> wrapper
>>> swf you can create an .exe file
>>> 
>>> greg
>>> 
>>> 
>>> 
>>> On Fri, Aug 21, 2009 at 9:52 AM, Bill Jones >> wrote:
>>> 
 I am creating a Demo file using EyeWonder's AdWonder. It generates an
>> html
 with accompanying swf and support files. I can copy the html and file
 folder
 to a disk so the client can view the finished piece locally on a stand
 alone
 laptop.
 
 Unfortunately, to view it from a CD, you have to adjust flash security
 setting through the Flash Player Security Manager (something the client
>> has
 no idea how to do).
 
 Is there a way to bypass the security settings, or can I add some
 javascript
 (link a js file) to the html mage that will make the change transparent
>> to
 the end user?
 
 _
 Bill Jones
 Interface Developer
 Backe Digital Brand Marketing
 35 Cricket Terrace Center
 Ardmore, PA 19003
 Voice: 610-896-9260 x280
 Fax: 610-896-9242
 bjo...@backemarketing.com
 
 "If you want to go forward, click Backe."
 
 ___
 Flashcoders mailing list
 Flashcoders@chattyfig.figleaf.com
 http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
 
>>> ___
>>> Flashcoders mailing list
>>> Flashcoders@chattyfig.figleaf.com
>>> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>> 
>> 
>> _
>> Bill Jones
>> Interface Developer
>> Backe Digital Brand Marketing
>> 35 Cricket Terrace Center
>> Ardmore, PA 19003
>> Voice: 610-896-9260 x280
>> Fax: 610-896-9242
>> bjo...@backemarketing.com
>> 
>> "If you want to go forward, click Backe."
>> 
>> ___
>> Flashcoders mailing list
>> Flashcoders@chattyfig.figleaf.com
>> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>> 
> ___
> Flashcoders mailing list
> Flashcoders@chattyfig.figleaf.com
> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders


_
Bill Jones
Interface Developer
Backe Digital Brand Marketing
35 Cricket Terrace Center
Ardmore, PA 19003
Voice: 610-896-9260 x280
Fax: 610-896-9242
bjo...@backemarketing.com

"If you want to go forward, click Backe."

___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] Flash security issue

2009-08-23 Thread Chris Foster 
You could also use a standalone webserver - I've used 'Server2Go CD-ROM
Webserver' before, it's quite customisable, and also gets me past all
those annoying security issues.

I like it as a solution because I don't need to do an extra version (as
an .exe) of my projects, and I don't need to force users to change
settings they wouldn't normally need to know about, and my
ExternalInterface interactions will still function as expected.

C:

 

-Original Message-
From: flashcoders-boun...@chattyfig.figleaf.com
[mailto:flashcoders-boun...@chattyfig.figleaf.com] On Behalf Of Gregory
Boland
Sent: Saturday, 22 August 2009 1:14 AM
To: Flash Coders List
Subject: Re: [Flashcoders] Flash security issue

thats why i'm saying create a wrapper file for that swf.  take the swf
that is given to you from ad wonder and import it into a .fla file.
then make an .exe file out of that.

On Fri, Aug 21, 2009 at 10:13 AM, Bill Jones
wrote:

> Unfortunately, AdWonder controls the entire process. It builds the 
> files and I simply download a stuffit file that contains the html, swf

> and support files.
>
>
> On 8/21/09 10:08 AM, "Gregory Boland" 
wrote:
>
> > create an .exe file so that when you run it from a CD you can run it

> > standalone.  Not sure about what your using, if it allows you to do 
> > that
> but
> > maybe if you create a wrapper swf and load the other swf into your
> wrapper
> > swf you can create an .exe file
> >
> > greg
> >
> >
> >
> > On Fri, Aug 21, 2009 at 9:52 AM, Bill Jones 
> > >wrote:
> >
> >> I am creating a Demo file using EyeWonder's AdWonder. It generates 
> >> an
> html
> >> with accompanying swf and support files. I can copy the html and 
> >> file folder to a disk so the client can view the finished piece 
> >> locally on a stand alone laptop.
> >>
> >> Unfortunately, to view it from a CD, you have to adjust flash 
> >> security setting through the Flash Player Security Manager 
> >> (something the client
> has
> >> no idea how to do).
> >>
> >> Is there a way to bypass the security settings, or can I add some 
> >> javascript (link a js file) to the html mage that will make the 
> >> change transparent
> to
> >> the end user?
> >>
> >> _
> >> Bill Jones
> >> Interface Developer
> >> Backe Digital Brand Marketing
> >> 35 Cricket Terrace Center
> >> Ardmore, PA 19003
> >> Voice: 610-896-9260 x280
> >> Fax: 610-896-9242
> >> bjo...@backemarketing.com
> >>
> >> "If you want to go forward, click Backe."
> >>
> >> ___
> >> Flashcoders mailing list
> >> Flashcoders@chattyfig.figleaf.com
> >> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
> >>
> > ___
> > Flashcoders mailing list
> > Flashcoders@chattyfig.figleaf.com
> > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>
>
> _
> Bill Jones
> Interface Developer
> Backe Digital Brand Marketing
> 35 Cricket Terrace Center
> Ardmore, PA 19003
> Voice: 610-896-9260 x280
> Fax: 610-896-9242
> bjo...@backemarketing.com
>
> "If you want to go forward, click Backe."
>
> ___
> Flashcoders mailing list
> Flashcoders@chattyfig.figleaf.com
> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
This e-mail, including any attached files, may contain confidential and 
privileged information for the sole use of the intended recipient.  Any review, 
use, distribution, or disclosure by others is strictly prohibited.  If you are 
not the intended recipient (or authorized to receive information for the 
intended recipient), please contact the sender by reply e-mail and delete all 
copies of this message.

___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Flash security issue

2009-08-21 Thread Gregory Boland 
thats why i'm saying create a wrapper file for that swf.  take the swf that
is given to you from ad wonder and import it into a .fla file.  then make an
.exe file out of that.

On Fri, Aug 21, 2009 at 10:13 AM, Bill Jones wrote:

> Unfortunately, AdWonder controls the entire process. It builds the files
> and
> I simply download a stuffit file that contains the html, swf and support
> files.
>
>
> On 8/21/09 10:08 AM, "Gregory Boland"  wrote:
>
> > create an .exe file so that when you run it from a CD you can run it
> > standalone.  Not sure about what your using, if it allows you to do that
> but
> > maybe if you create a wrapper swf and load the other swf into your
> wrapper
> > swf you can create an .exe file
> >
> > greg
> >
> >
> >
> > On Fri, Aug 21, 2009 at 9:52 AM, Bill Jones  >wrote:
> >
> >> I am creating a Demo file using EyeWonder's AdWonder. It generates an
> html
> >> with accompanying swf and support files. I can copy the html and file
> >> folder
> >> to a disk so the client can view the finished piece locally on a stand
> >> alone
> >> laptop.
> >>
> >> Unfortunately, to view it from a CD, you have to adjust flash security
> >> setting through the Flash Player Security Manager (something the client
> has
> >> no idea how to do).
> >>
> >> Is there a way to bypass the security settings, or can I add some
> >> javascript
> >> (link a js file) to the html mage that will make the change transparent
> to
> >> the end user?
> >>
> >> _
> >> Bill Jones
> >> Interface Developer
> >> Backe Digital Brand Marketing
> >> 35 Cricket Terrace Center
> >> Ardmore, PA 19003
> >> Voice: 610-896-9260 x280
> >> Fax: 610-896-9242
> >> bjo...@backemarketing.com
> >>
> >> "If you want to go forward, click Backe."
> >>
> >> ___
> >> Flashcoders mailing list
> >> Flashcoders@chattyfig.figleaf.com
> >> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
> >>
> > ___
> > Flashcoders mailing list
> > Flashcoders@chattyfig.figleaf.com
> > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>
>
> _
> Bill Jones
> Interface Developer
> Backe Digital Brand Marketing
> 35 Cricket Terrace Center
> Ardmore, PA 19003
> Voice: 610-896-9260 x280
> Fax: 610-896-9242
> bjo...@backemarketing.com
>
> "If you want to go forward, click Backe."
>
> ___
> Flashcoders mailing list
> Flashcoders@chattyfig.figleaf.com
> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Flash security issue

2009-08-21 Thread Bill Jones 
Unfortunately, AdWonder controls the entire process. It builds the files and
I simply download a stuffit file that contains the html, swf and support
files.


On 8/21/09 10:08 AM, "Gregory Boland"  wrote:

> create an .exe file so that when you run it from a CD you can run it
> standalone.  Not sure about what your using, if it allows you to do that but
> maybe if you create a wrapper swf and load the other swf into your wrapper
> swf you can create an .exe file
> 
> greg
> 
> 
> 
> On Fri, Aug 21, 2009 at 9:52 AM, Bill Jones wrote:
> 
>> I am creating a Demo file using EyeWonder's AdWonder. It generates an html
>> with accompanying swf and support files. I can copy the html and file
>> folder
>> to a disk so the client can view the finished piece locally on a stand
>> alone
>> laptop.
>> 
>> Unfortunately, to view it from a CD, you have to adjust flash security
>> setting through the Flash Player Security Manager (something the client has
>> no idea how to do).
>> 
>> Is there a way to bypass the security settings, or can I add some
>> javascript
>> (link a js file) to the html mage that will make the change transparent to
>> the end user?
>> 
>> _
>> Bill Jones
>> Interface Developer
>> Backe Digital Brand Marketing
>> 35 Cricket Terrace Center
>> Ardmore, PA 19003
>> Voice: 610-896-9260 x280
>> Fax: 610-896-9242
>> bjo...@backemarketing.com
>> 
>> "If you want to go forward, click Backe."
>> 
>> ___
>> Flashcoders mailing list
>> Flashcoders@chattyfig.figleaf.com
>> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>> 
> ___
> Flashcoders mailing list
> Flashcoders@chattyfig.figleaf.com
> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders


_
Bill Jones
Interface Developer
Backe Digital Brand Marketing
35 Cricket Terrace Center
Ardmore, PA 19003
Voice: 610-896-9260 x280
Fax: 610-896-9242
bjo...@backemarketing.com

"If you want to go forward, click Backe."

___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Flash security issue

2009-08-21 Thread Gregory Boland 
create an .exe file so that when you run it from a CD you can run it
standalone.  Not sure about what your using, if it allows you to do that but
maybe if you create a wrapper swf and load the other swf into your wrapper
swf you can create an .exe file

greg



On Fri, Aug 21, 2009 at 9:52 AM, Bill Jones wrote:

> I am creating a Demo file using EyeWonder's AdWonder. It generates an html
> with accompanying swf and support files. I can copy the html and file
> folder
> to a disk so the client can view the finished piece locally on a stand
> alone
> laptop.
>
> Unfortunately, to view it from a CD, you have to adjust flash security
> setting through the Flash Player Security Manager (something the client has
> no idea how to do).
>
> Is there a way to bypass the security settings, or can I add some
> javascript
> (link a js file) to the html mage that will make the change transparent to
> the end user?
>
> _
> Bill Jones
> Interface Developer
> Backe Digital Brand Marketing
> 35 Cricket Terrace Center
> Ardmore, PA 19003
> Voice: 610-896-9260 x280
> Fax: 610-896-9242
> bjo...@backemarketing.com
>
> "If you want to go forward, click Backe."
>
> ___
> Flashcoders mailing list
> Flashcoders@chattyfig.figleaf.com
> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] flash :: security

2006-10-17 Thread Merrill, Jason 
http://www.adobe.com/devnet/flash/articles/fplayer8_security.html 

Jason Merrill
Bank of America 
Learning & Organization Effectiveness - Technology Solutions 
 
 
 
 
 

>>-Original Message-
>>From: [EMAIL PROTECTED] [mailto:flashcoders-
>>[EMAIL PROTECTED] On Behalf Of :: joshua
>>Sent: Tuesday, October 17, 2006 4:18 PM
>>To: flashcoders@chattyfig.figleaf.com
>>Subject: [Flashcoders] flash :: security
>>
>>so i have a flash movie that is hosted on a clients server that i
>>would like to load into an html page on my site. ive been looking at
>>security issues with this and it seems that the getUrl functions etc
>>are ignored.
>>
>>the flash file is flash 8.
>>
>>are there workarounds for loading external flash files like this?
>>
>>cheers.
>>
>>joshua forstot
>>President
>>Chief Creative Officer
>>
>>
>>+agenc
>>
>>AD :: NO. 632  |  27762 ANTONIO PKWY L1  |  LADERA RANCH, CA  |  92694
>>TN :: 949 218 8796
>>WS :: www.addagenc.com
>>
>>
>>___
>>Flashcoders@chattyfig.figleaf.com
>>To change your subscription options or search the archive:
>>http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>>
>>Brought to you by Fig Leaf Software
>>Premier Authorized Adobe Consulting and Training
>>http://www.figleaf.com
>>http://training.figleaf.com
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

RE: [Flashcoders] Flash security advisories from U.S. Navy/Marines?

2005-12-02 Thread Merrill, Jason 
Fantastic John.  I know from my Flex sales rep (Matt Troedson), they are
using Flex in a few places in the Navy already... should be "resolvable"
I would think.

Jason Merrill   |   E-Learning Solutions   |  icfconsulting.com


>>-Original Message-
>>From: [EMAIL PROTECTED] 
>>[mailto:[EMAIL PROTECTED] On Behalf 
>>Of John Dowdell
>>Sent: Friday, December 02, 2005 3:39 PM
>>To: Flashcoders mailing list
>>Subject: Re: [Flashcoders] Flash security advisories from 
>>U.S. Navy/Marines?
>>
>>Merrill, Jason wrote:
>>> Thanks John.  I know Macromedia has worked wonders with the 
>>NMCI folks
>>> before, maybe you can do it again.
>>
>>... and thanks for the heads-up, Jason, staffers here are already in 
>>touch with their .MIL contacts to resolve it ;-)
>>
>>jd
>>
>>
NOTICE:
This message is for the designated recipient only and may contain privileged or 
confidential information. If you have received it in error, please notify the 
sender immediately and delete the original. Any other use of this e-mail by you 
is prohibited.
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Flash security advisories from U.S. Navy/Marines?

2005-12-02 Thread John Dowdell 

Merrill, Jason wrote:

Thanks John.  I know Macromedia has worked wonders with the NMCI folks
before, maybe you can do it again.


... and thanks for the heads-up, Jason, staffers here are already in 
touch with their .MIL contacts to resolve it ;-)


jd




--
John Dowdell . Macromedia Developer Support . San Francisco CA USA
Weblog: http://www.macromedia.com/go/blog_jd
Aggregator: http://www.macromedia.com/go/weblogs
Technotes: http://www.macromedia.com/support/
Spam killed my private email -- public record is best, thanks.
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] Flash security advisories from U.S. Navy/Marines?

2005-12-02 Thread Merrill, Jason 
Thanks John.  I know Macromedia has worked wonders with the NMCI folks
before, maybe you can do it again.

Jason Merrill   |   E-Learning Solutions   |  icfconsulting.com




>>-Original Message-
>>From: [EMAIL PROTECTED] 
>>[mailto:[EMAIL PROTECTED] On Behalf 
>>Of John Dowdell
>>Sent: Friday, December 02, 2005 2:29 PM
>>To: Flashcoders mailing list
>>Subject: Re: [Flashcoders] Flash security advisories from 
>>U.S. Navy/Marines?
>>
>>Merrill, Jason wrote:
>>> Anyone know anything about this?  See the report below. 
>>
>>It sounds like they're talking about the security advisory 
>>released last 
>>month, which is addressed by either (a) on modern operating systems 
>>using the current Macromedia Flash Player, 8.0 generation; or (b) on 
>>Win95, WinNT, classic Mac or Linux, using the updated 7.x Players.
>>
>>http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html
>>
>>For what it's worth, I just did a quick Google search, and the SWF I 
>>checked were still playing:
>>http://www.google.com/search?q=inurl:mil+macromedia
>>
>>Thanks for the heads-up, though, I'll spread the word here. 
>>Seems like 
>>their normal software update process should do it...?
>>
>>jd
>>
>>
NOTICE:
This message is for the designated recipient only and may contain privileged or 
confidential information. If you have received it in error, please notify the 
sender immediately and delete the original. Any other use of this e-mail by you 
is prohibited.
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] Flash security advisories from U.S. Navy/Marines?

2005-12-02 Thread Merrill, Jason 
Nevermind (unless you happen to know more about what the Navy/Marines
are going to do about it - that would be good to know.)

I referenced this in my own post:
http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html


Jason Merrill   |   E-Learning Solutions   |  icfconsulting.com








NOTICE:
This message is for the designated recipient only and may contain privileged or 
confidential information. If you have received it in error, please notify the 
sender immediately and delete the original. Any other use of this e-mail by you 
is prohibited.
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Flash security advisories from U.S. Navy/Marines?

2005-12-02 Thread John Dowdell 

Merrill, Jason wrote:
Anyone know anything about this?  See the report below. 


It sounds like they're talking about the security advisory released last 
month, which is addressed by either (a) on modern operating systems 
using the current Macromedia Flash Player, 8.0 generation; or (b) on 
Win95, WinNT, classic Mac or Linux, using the updated 7.x Players.


http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html

For what it's worth, I just did a quick Google search, and the SWF I 
checked were still playing:

http://www.google.com/search?q=inurl:mil+macromedia

Thanks for the heads-up, though, I'll spread the word here. Seems like 
their normal software update process should do it...?


jd





--
John Dowdell . Macromedia Developer Support . San Francisco CA USA
Weblog: http://www.macromedia.com/go/blog_jd
Aggregator: http://www.macromedia.com/go/weblogs
Technotes: http://www.macromedia.com/support/
Spam killed my private email -- public record is best, thanks.
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] Flash security advisories from U.S. Navy/Marines?

2005-12-02 Thread Chris Wilson 
The vulnerabilities were reported on Bugtraq
(http://search.securityfocus.com/swsearch?query=macromedia&sbm=%2F&submit=Se
arch%21&metaname=alldoc&sort=swishlastmodified) a couple weeks ago.  The
vulnerabilities involve an attacker creating a malicious .swf file and
tricking a user into downloading it, similar to a web site tricking a user
into downloading a virus.  

If you're creating a Flash application/animation for a customer, though,
it's obviously not malicious, and thus the application itself is not
susceptible to the "attack".  The problem will be political, though,
convincing your DoD customer your application isn't vulnerable.

Of course, the reason to ban Flash player is less about interfacing with
your benign application, and more about worrying that a user will
inadvertently connect to another site that *does* have a malicious .swf
file.  The bug is in the Flash player, and can lead to compromise of the
client's system.

-Chris

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Merrill,
Jason
Sent: Friday, December 02, 2005 1:51 PM
To: Flashcoders mailing list
Subject: [Flashcoders] Flash security advisories from U.S. Navy/Marines?

Anyone know anything about this?  See the report below.  This would
effectively bring our Flash work with the U.S. Navy and Marine Corp to a
screeching halt.  The NMCI gold disk is the standard install of software
for all computers in the Navy and Marines.  Flash 7 was previously
approved - now it looks like they could begin removing it from machines.
It would be a long while before they approve Flash 8.  And we were just
about to propose a Flex option for them too.  :-(

 

Anyone know anything about this security issue?







From: * 
Sent: Friday, December 02, 2005 1:28 PM
To: 
Subject: FW: Flash security advisories

 

FYI...

 

The NMCI just blocked access to ALL swf files from their web servers
(.mil domains) yesterday.

 

We'll have to see how this plays out.

 

**

 



-Original Message-
From: * 
Sent: Thursday, December 01, 2005 4:50 PM



Read below. Security vulnerabilities have been discovered in Flash. I
received notice from Camp Pendleton that NMCI has once again blocked
Flash mobile code from .mil networks. I confirmed with MCNOSC and asked
for the info below. If we haven't already received any calls from anyone
on .mil expressing issue viewing Flash activity on our site, we will
soon. Apparently Macromedia recommends going to Flash Player version 8.
We will meet tomorrow morning at 0930 in the CR to discuss the problem
and alternative solutions. The policy will need to be reinstated by MCEN
DAA to open the door again for Flash. 

 

Thanks,

 



 

-Original Message-
From: *** 
Sent: Thursday, December 01, 2005 1:46 PM
To: *
Subject: Flash security advisories

 

http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html

 

IAVA extract:

 

Joint Task Force - Global Network Operations (JTF-GNO)
Information Assurance Vulnerability Alert

2005-A-0040

TOPIC:  Multiple Vulnerabilities in Macromedia Flash 

REFERENCE:   Macromedia
 
http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html

Security Focus 
http://www.securityfocus.com/bid/15332/info
  
http://www.securityfocus.com/advisories/9646 
   2 http://www.securityfocus.com/advisories/9728

CVE NUMBER(s):  CAN-2005-2628

Macromedia Flash ActionDefineFunction Memory Access Vulnerability

STIG FINDING:  1CAT  I 

THREAT ASSESSMENT:  High

TIMELINE SUMMARY

Release Date

Acknowledgement Suspense

Compliance Suspense

 

10 November 05

12 November 05

25 November 05

 

REVISION HISTORY

Number

Date

Details

 

1

15 Nov -05

Posted STIG FINDING

Category.

 

2

21 Nov 05

Added systems to  Vulnerable Systems
 area
Added  link to Reference
  area

 

3

29 Nov 05

Added patch link to DoD Patch Repository
 

EXECUTIVE SUMMARY/IMPACT

There are two vulnerabilities that have been identified affecting
Macromedia Flash plug-ins. Macromedia Flash is a widely distributed
application and is used to create simple motion graphics, video and
animation for interactive websites. A plug-in adds a specific feature or
service to a larger system, such as Macromedia Flash. 

The first vulnerability affects the Macromedia Flash Action Define
Function Memory Access plug-in. This plug-in is vulnerable to an input
validatio