The application has already been updated

Jul 10, 2006 09:20 GMT

The denial-of-service vulnerability in Macromedia Flash Player was discovered last week by the Fortinet Security Research Team. The private company, based in Sunnyvale, California, came across the flaw at the end of the past year and informed Macromedia, but claims that it has yet to receive an official response from the makers of Flash. As the emphasis on visual experience and graphic standards in today's Web sites increases, more and more developers turn to the solution provided by Flash. The problem with such technology, as with AJAX, is that the dynamic content passes relatively easily through security filters, making it a tool for online attacks.

The vulnerability published by the Fortinet Security Research Team refers to the creation of a malicious .swf file that if further comprised. The file is then embedded on a Web site. An unsuspecting user visiting such a site is automatically targeted, with no other interaction required, as the browser starts Flash Player on its own to play the .swf content. This causes the browser to crash, leading to a DoS condition.

Macromedia Flash Player v8.0.24.0 and prior were all affected by the vulnerability, but Macromedia has already updated the application out of public sight, and the latest version of the player is no longer flawed in this manner.