
SANS ISC: InfoSec Handlers Diary Blog



Adobe Flash Player and GoLive security updates

Published: 2007-12-19
Last Updated: 2007-12-19 07:44:21 UTC
by Maarten Van Horenbeeck (Version: 1)

Adobe has released updates which fix several critical vulnerabilities in Flash Player and GoLive.

Flash Player 9.0.48.0, 8.0.35.0 and 7.0.70.0 and earlier are affected by CVE-2007-6242, CVE-2007-4768, CVE-2007-5275, CVE-2007-6243, CVE-2007-6244, CVE-2007-6245, CVE-2007-4324, CVE-2007-6246 and CVE-2007-5476.

Several of the issues resolved are input validation errors, which could allow an attacker to execute arbitrary code through content delivered from a web location. This update resolves issues reported on various platforms (Mac OS, Linux, Windows). Adobe strongly recommends that users of the affected versions upgrade to Flash Player 9.0.115.0, which can be downloaded from a link in their bulletin.

GoLive 9 and GoLive CS2 are affected by CVE-2007-2244 and CVE-2007-2365. These vulnerabilities are somewhat more difficult to exploit, but they can be exploited by convincing a user to include crafted BMP, DIB, RLE or PNG content in a GoLive document. The impact remains execution of arbitrary code, so we strongly recommend implementing the update.
