Macromedia warns of second Flash bug

Macromedia warns of second Flash bug

Macromedia has warned of flaws in several of its server products that could leave enterprises vulnerable to attacks. The incident is the second time in two weeks that Macromedia has issued patches.

This time the flaws are on the server side, rather than in Macromedia's widely used Flash Player software. The bugs leave Flash Communication Server MX, Breeze Communication Server, Breeze Live Server and Contribute Publishing Server (CPS) vulnerable to crashes or information disclosure, Macromedia said.

Macromedia said that Flash Communication Server MX versions 1.0 and 1.5 don't properly validate some RTMP data sent by Flash Player, which can allow users to crash the server.

Macromedia discovered the bug could be triggered by an alpha build of Flash Player 8.5. The company labelled the bug "important" and said users should patch.

Breeze Communication Server and Breeze Live Server are vulnerable to exactly the same vulnerability, Macromedia said.

The company also said users should update Contribute Publishing Server to the latest version, 1.11, to fix weak user password encryption in connection keys using shared FTP login credentials. The new version uses a more secure encryption algorithm, Macromedia said.

Patching instructions are included in the advisories on Macromedia's site.

Two weeks ago Macromedia warned of a critical bug in Flash Player that exposed millions of systems to serious attacks. eEye, the security research firm co-credited with discovering the bug, said it had demonstrated "reliable exploitation" using the bug in the Internet Explorer browser, but other browsers are also said to be just as open to attack.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Brand Post

Channel Roadmap

The Channel Roadmap is a bespoke content hub housing strategic priorities from technology vendors for 2022 and beyond, partners can find the guidance on the key technologies and markets to pursue, to help build a blueprint for future success.

Show Comments