http://www.cnn.com/2003/TECH/internet/0 ... index.html
TechWeb: Flash Player poses threat
By George V. Hulme
InformationWeek
(TechWeb) --Macromedia Inc. is warning its users of what it calls a critical security flaw found in the latest version of its Flash animation player. It is advising customers to immediately install a new version just released on its Web site which should fix the security hole.
Macromedia says up to 75 percent of computers worldwide run its player.
In its alert, the company said the vulnerability involves the player's "sandbox," which acts as a safety zone between a user's system and code downloaded from the Internet to be run within the player. The flaw, which would let an attacker create a buffer overflow, could enable an attacker to gain access to a user's system.
Macromedia recently appointed a chief security officer, who company officials say will work with developers and with the security community to bring "relentless" focus on the security of its applications.