Adobe Systems has patched a number of critical vulnerabilities in its Flash media player that could be used by attackers to take over an affected system. The bugs are severe enough that Microsoft, which distributes the Flash software with its Windows operating system, has also warned its customers of the issue.
Attackers could theoretically exploit the bugs by tricking a user into loading a maliciously encoded Flash movie file, which would have a .swf extension, Adobe said in its advisory, posted Tuesday at http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html
The vulnerabilities can be found in Flash Player version 8.0.22 or earlier; the Breeze Meeting, version 5.1 and earlier; as well as the Shockwave player, version 10.1.0.11 and earlier.
Adobe's advisory credits Microsoft with discovering the vulnerabilities, but both the Windows and the Macintosh OS X operating systems are affected by the problem, according to Adobe.
The Flash format is a popular technology used for viewing and designing Web animation, and the Flash Player is widely distributed as a plug-in component for Web browsers. Flash was developed by Macromedia, which Adobe acquired last year.
Microsoft's security advisory can be found here: http://www.microsoft.com/technet/security/advisory/916208.mspx