• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

is allowing flash a serious threat?

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Viruses // Worms

View previous topic :: View next topic  
Author Message
paulow1978
Just Arrived
Just Arrived


Joined: 20 Jan 2006
Posts: 0
Location: Tiverton, Devon

Offline

PostPosted: Thu Dec 14, 2006 3:38 pm    Post subject: is allowing flash a serious threat? Reply with quote

Hi,

I was just wondering is allowing users in our company to view websites with flash a serious security hole?

many thanks,

paul
Back to top
View user's profile Send private message Send e-mail
susano
Just Arrived
Just Arrived


Joined: 21 Dec 2006
Posts: 0
Location: Tampa, FL

Offline

PostPosted: Tue Jan 09, 2007 6:17 pm    Post subject: Reply with quote

There were a coupla bugs* in 2006 that allowed remote code execution through buffer overflows in flash player. That's pretty serious.



*http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0024
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2628
Back to top
View user's profile Send private message
PhiBer
SF Mod
SF Mod


Joined: 11 Mar 2003
Posts: 20
Location: Your MBR

Offline

PostPosted: Tue Jan 09, 2007 7:35 pm    Post subject: Reply with quote

It’s all about risk management and defense-in-depth. Every piece of additional software that interacts with the Internet is yet another vector for possible infiltration. To mitigate this risk, patch your software when vulnerabilities are found and discourage users from browsing shady websites. There will always be a trade off / usability decision that will need to be made if security is a high priority in your organization; this is true especially with software that has been vulnerable in the past (as susano has already mentioned).
Back to top
View user's profile Send private message
nithi
Just Arrived
Just Arrived


Joined: 08 Jul 2007
Posts: 0


Offline

PostPosted: Sun Jul 08, 2007 10:32 pm    Post subject: Reply with quote

I agree very much with what PhiBer had suggested. Security decisions had to be made frequently especially if security is of major concern in the organisation. And use of unreliable sites is to be avoided as much as possible. Wink
About the flash player, the Microsoft security advisory has issued a security bulletin regarding the security issue of flash player. The link is http://www.microsoft.com/technet/security/advisory/916208.mspx the link states that Microsoft offers technical support.
Cool
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Viruses // Worms All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register