Ozzy47
Administrator
If you weren't aware an exploit was found in the flash uploader (uploader.swf) file supplied with vBulletin 4.x. This file was part of the Yahoo YUI 2 package and Yahoo will not be fixing the exploit- Yahoo instructs anyone to remove the file since they no longer use Flash.
Officially vBulletin says it is better to replace the file with an empty file of the same name.
Official announcement here: http://www.vbulletin.com/forum/forum...n-uploader-swf
So BirdOPrey5 has released a fix for this but there is some restrictions to it, you can read about it and get it here, http://www.vbulletin.org/forum/showthread.php?t=306915
Read the original news thread here.