Related information

Macromedia Flash Player array index overflow

[SA17437] Opera Macromedia Flash Player SWF Arbitrary Code Execution

[SA17481] Internet Explorer Macromedia Flash Player SWF Arbitrary Code Execution

[Full-disclosure] SEC Consult SA-20051107-1 :: Macromedia Flash Player ActionDefineFunction Memory Corruption

[Full-disclosure] [EEYEB-20050627B] Macromedia Flash Player Improper Memory Access Vulnerability

From:	Juha-Matti Laurio <juha-matti.laurio_(at)_netti.fi>
Date:	07.11.2005
Subject:	Netscape Flash Player Arbitrary Code Execution Vulnerability

Description:
Versions Netscape Browser 8.0.3.3 and Netscape 7.2 are vulnerable due to
affected, default Flash Player version included during installation
process. File NPSWF32.dll (Flash v7.0.19.0) is copied to C:\Program
Files\Netscape\Netscape Browser\plugins and C:\Program
Files\Netscape\Netscape\plugins folders.
Affected plugin library file is from July 2005.

Solution:
Update Flash Player to version 8.0.22.0 with browser's Plugin Finder
Service manually.

CVE:
CAN-2005-2628 assigned earlier to Flash Player

It is possible to check the installed Flash version via About / Plugins
feature (Netscape 7.x) or with typing about:plugins to the browser
location bar (Netscape Browser 8.x). File version NPSWF32.dll mentioned
is the version of Macromodeia Flash Player plugin installed.
Method about:plugins works in both of these browsers.


Best regards,
Juha-Matti Laurio, Networksecurity.fi
Security researcher
Finland
http://www.networksecurity.fi/