The Web    Google
Macromedia Patches MX 2004 Security Flaws

Macromedia Patches MX 2004 Security Flaws
March 15, 2004
Ryan NaraineBy

Macromedia (Quote, Chart) has released a series of patches to plug security holes in its flagship Macromedia MX 2004 products.

The San Francisco-based software and platform provider, which also markets products for content building and graphics design, said vulnerabilities were found in products for the Mac OS X platform and could be exploited by malicious users to escalate their privileges.

Affected products include Macromedia Studio MX 2004, Macromedia Flash MX Professional 2004, Macromedia Flash MX 2004, Macromedia Fireworks MX 2004, Macromedia Dreamweaver MX 2004 and Macromedia Contribute 2.

"Macintosh versions of the Macromedia installers and e-licensing client install a service whose file permissions allow "other" users to write to the file," the company warned. "This may allow one local user to obtain the permissions of another local user (including an admin user) and leads to a "moderate" privilege escalation threat.

Macromedia said the flaw only affects products installed on machines with multiple users and does not appear to be a threat under typical installation of products where the computer's only user is already considered the administrator.

The company said the patches to fix the security holes are currently available for download.

The Macromedia MX software suite combines client and server-based development tools for creating Web applications. It combines Flash for graphics and Shockwave for animation and have been integrated into offerings from both Microsoft (, ) and Apple Computer (, ).

Separately, Macromedia released an update for Dreamweaver MX 2004 to speed up the operation of the software and to improve performance and stability.

The update promises that Dreamweaver will run up to 50 percent faster on Windows and up to 70 percent faster on the OS X.

  • Fortinet To Deliver 3G Multifunction Security Appliance
  • ChoicePoint Stops Selling Some of Your Info
  • 3/21: Sumon-C an IM and P2P Worm
  • 3/30: Anicmoo-C Trojan Arrives in Package
  • Microsoft Patches 'Critical' ASN.1 Vulnerability
  • How Spyware Took the Next-Gen Threat Crown
  • AntiOnline Spotlight: Trojan Force
  • Symantec, Veritas Leaders Tout Merger
  • CERT Issues Warning for OpenSSH Flaw
  • Mass-Mailing Worm Copies Itself to Windows Folder
  • SAML Just The Start For Web Services Security
  • Computer security background information