Adobe
Archived Posts from this Category
TITLE:
Adobe Flash Player Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26027
VERIFY ADVISORY:
http://secunia.com/advisories/26027/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, System access
WHERE:
From remote
REVISION:
2.0 originally posted 2007-07-11
SOFTWARE:
Macromedia Flash Player 8.x
http://secunia.com/product/6153/
Macromedia Flash Player 7.x
http://secunia.com/product/2634/
Adobe Flash Player 9.x
http://secunia.com/product/11901/
Adobe Flash CS3
http://secunia.com/product/14231/
Macromedia Flash 8.x
http://secunia.com/product/7024/
Adobe Flex 2.x
http://secunia.com/product/14760/
DESCRIPTION:
Some vulnerabilities have been reported in Adobe Flash Player, which can
be exploited by malicious people to gain knowledge of sensitive
information or compromise a user’s system.
1) An input validation error can be exploited to execute arbitrary code
when a user e.g. visits a malicious website.
The vulnerability affects versions 9.0.45.0 and prior.
2) An error within the interaction of Flash Player and certain browsers
can be exploited to leak key presses to a Flash Player applet.
The vulnerability affects versions 7.0.69.0 and prior on Linux and
Solaris. It does not affect Flash Player 9.
A bug has also been reported in the validation of the HTTP Referer in
versions 8.0.34.0 and prior, which may aid in e.g. CSRF (Cross-Site
Request Forgery) attacks.
SOLUTION:
Apply updates.
Flash Player 9.0.45.0 and earlier (update to version 9.0.47.0):
http://www.adobe.com/go/getflash
Flash Player 9.0.45.0 and earlier - network distribution (update to
version 9.0.47.0): http://www.adobe.com/licensing/distribution
Flash CS3 Professional (update to version 9.0.47.0):
http://www.adobe.com/support/flashplayer/downloads.html
Flash Professional 8, Flash Basic (update to version 8.0.35.0):
http://www.adobe.com/support/flashplayer/downloads.html
Flex 2.0 (update to version 9.0.47.0):
http://www.stage.adobe.com/support/flashplayer/downloads.html#fp9
Flash Player version 7.0.70.0 for Linux and Solaris reportedly fixes
vulnerability #2 for Opera and Konqueror browsers.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Stefano DiPaola, Elia Florio, and Giorgio Fedon.
2) The vendor credits Mark Hills.
CHANGELOG:
2007-07-11: Updated “Solution” section and added additional affected
products.
ORIGINAL ADVISORY:
Adobe: http://www.adobe.com/support/security/bulletins/apsb07-12.html
Thursday 12 Jul 2007 | Guardian | Adobe