SANS ISC: InfoSec Handlers Diary Blog

Critical vulnerabilities in Adobe Flash Player

Published: 2008-04-09
Last Updated: 2008-04-09 00:43:18 UTC
by Raul Siles (Version: 1)

Adobe has released a security bulletin today, APSB08-11, to address multiple vulnerabilities in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, that could potentially lead to remote execution of arbitrary code. Additionally, the update includes DNS rebinding attack and cross-domain policy countermeasures.

It is strongly recommended to update to the newest Adobe Flash Player version, 9.0.124.0!

Please check your current Adobe Flash Player version on the "about" page (before and after applying the update), and run the test with all your Web browsers, such as IE (ActiveX control), Firefox and Safari. Each browser may have access to a different version and require a separate installation method. Specific instructions to update each OS and/or browser are available here; remember that you may need administrative access to your computer and may have to restart your browser.

If you are a developer, check Adobe's warning about potential compatibility issues introduced by this update:
"Due to the possibility that these security enhancements and changes may impact existing Flash content, content developers are advised to review this March 2008 Adobe Developer Center article to determine if the changes will affect their content, and to begin implementing necessary changes immediately to help ensure a seamless transition."

CVEs: CVE-2007-5275, CVE-2007-6243, CVE-2007-6637, CVE-2007-6019, CVE-2007-0071, CVE-2008-1655, CVE-2008-1654

--
Raul Siles
www.raulsiles.com

Keywords: adobe flash