Critical Flash Flaw Found, Fixed

Macromedia’s Flash has a critical bug that leaves all browser users armed with the popular media player open to attack, a security firm announced late Friday. The vulnerability, said eEye Digital Security, the Aliso Viejo-Calif.-based company that discovered the flaw, is in the code of Flash.ocx, the component responsible for playing back .swf files (Flash content files). An attacker who manages to entice a user to a malicious Web site with a malformed Flash file could grab control of the PC, said eEye, if that user was running Windows with Administrator rights. Read more