Msg#: 3913201 posted 3:58 am on May 14, 2009 (gmt 0)
More than 16 months after researchers warned that critical vulnerabilities in Adobe Flash files leave websites vulnerable to phishing and other serious attacks, a wide array of pages - some hosted on Adobe.com itself - remain vulnerable.
The problem stems from buggy SWF files that generate banner ads and other animated content. In December 2007, a team of researchers discovered the files could be exploited by attackers to tamper with websites belonging to banks, government agencies and other trusted organizations. Over the next few months, the researchers repeatedly warned webmasters the problem would be difficult to fix, because it would require potentially millions of graphics files to be regenerated, often from scratch.