Secunia Security Advisory - Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to gain knowledge of sensitive information or compromise a user's system.
30363c375ff1cfd9ff52aaa80962c191c90f7efca433f643ed198fbfffde6e45
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26027
VERIFY ADVISORY:
http://secunia.com/advisories/26027/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, System access
WHERE:
>From remote
REVISION:
2.0 originally posted 2007-07-11
SOFTWARE:
Macromedia Flash Player 8.x
http://secunia.com/product/6153/
Macromedia Flash Player 7.x
http://secunia.com/product/2634/
Adobe Flash Player 9.x
http://secunia.com/product/11901/
Adobe Flash CS3
http://secunia.com/product/14231/
Macromedia Flash 8.x
http://secunia.com/product/7024/
Adobe Flex 2.x
http://secunia.com/product/14760/
DESCRIPTION:
Some vulnerabilities have been reported in Adobe Flash Player, which
can be exploited by malicious people to gain knowledge of sensitive
information or compromise a user's system.
1) An input validation error can be exploited to execute arbitrary
code when a user e.g. visits a malicious website.
The vulnerability affects versions 9.0.45.0 and prior.
2) An error within the interaction of Flash Player and certain
browsers can be exploited to leak key presses to a Flash Player
applet.
The vulnerability affects versions 7.0.69.0 and prior on Linux and
Solaris. It does not affect Flash Player 9.
A bug has also been reported in the validation of the HTTP Referer in
versions 8.0.34.0 and prior, which may aid in e.g. CSRF (Cross-Site
Request Forgery) attacks.
SOLUTION:
Apply updates.
Flash Player 9.0.45.0 and earlier (update to version 9.0.47.0):
http://www.adobe.com/go/getflash
Flash Player 9.0.45.0 and earlier - network distribution (update to
version 9.0.47.0):
http://www.adobe.com/licensing/distribution
Flash CS3 Professional (update to version 9.0.47.0):
http://www.adobe.com/support/flashplayer/downloads.html
Flash Professional 8, Flash Basic (update to version 8.0.35.0):
http://www.adobe.com/support/flashplayer/downloads.html
Flex 2.0 (update to version 9.0.47.0):
http://www.stage.adobe.com/support/flashplayer/downloads.html#fp9
Flash Player version 7.0.70.0 for Linux and Solaris reportedly fixes
vulnerability #2 for Opera and Konqueror browsers.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Stefano DiPaola, Elia Florio, and Giorgio
Fedon.
2) The vendor credits Mark Hills.
CHANGELOG:
2007-07-11: Updated "Solution" section and added additional affected
products.
ORIGINAL ADVISORY:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb07-12.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed