Secunia Advisory: SA34012
Release Date: 2009-02-25
Critical: Highly critical
Impact: Security Bypass
Exposure of sensitive information
Privilege escalation
System access
Where: From remote
Solution Status: Vendor Patch
Software:
Adobe AIR 1.x
Adobe Flash CS3
Adobe Flash CS4
Adobe Flash Player 10.x
Adobe Flash Player 9.x
Adobe Flex 3.x
Description:
Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious, local users to disclose sensitive information and potentially gain escalated privileges, and by malicious people to bypass certain security restrictions, disclose potentially sensitive information, and compromise a user's system.
1) An error when processing multiple references to an unspecified object can be exploited to dereference freed memory via a specially crafted SWF file.
Successful exploitation allows execution of arbitrary code.
2) An input validation error in the processing of SWF files can be exploited to cause a crash and potentially execute arbitrary code.
3) An error when displaying the mouse pointer on Windows can be exploited to potentially conduct "Clickjacking" attacks.
4) An error in the Linux Flash Player binary can be exploited to disclose sensitive information and potentially gain escalated privileges.
Solution:
Apply vendor updates.
Flash Player 9.x:
Update to version 9.0.159.0.
http://www.adobe.com/go/kb406791
Flash Player 10.0.12.36 and prior:
Update to version 10.0.22.87.
http://www.adobe.com/go/getflash
Dettagli bollettino Sicurezza
Aggiornatele sia per I.E che per Firefox
Per chi ha ancora la versione 9 ,consiglio di passare alla versione 10
Release Date: 2009-02-25
Critical: Highly critical
Impact: Security Bypass
Exposure of sensitive information
Privilege escalation
System access
Where: From remote
Solution Status: Vendor Patch
Software:
Adobe AIR 1.x
Adobe Flash CS3
Adobe Flash CS4
Adobe Flash Player 10.x
Adobe Flash Player 9.x
Adobe Flex 3.x
Description:
Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious, local users to disclose sensitive information and potentially gain escalated privileges, and by malicious people to bypass certain security restrictions, disclose potentially sensitive information, and compromise a user's system.
1) An error when processing multiple references to an unspecified object can be exploited to dereference freed memory via a specially crafted SWF file.
Successful exploitation allows execution of arbitrary code.
2) An input validation error in the processing of SWF files can be exploited to cause a crash and potentially execute arbitrary code.
3) An error when displaying the mouse pointer on Windows can be exploited to potentially conduct "Clickjacking" attacks.
4) An error in the Linux Flash Player binary can be exploited to disclose sensitive information and potentially gain escalated privileges.
Solution:
Apply vendor updates.
Flash Player 9.x:
Update to version 9.0.159.0.
http://www.adobe.com/go/kb406791
Flash Player 10.0.12.36 and prior:
Update to version 10.0.22.87.
http://www.adobe.com/go/getflash
Dettagli bollettino Sicurezza
Aggiornatele sia per I.E che per Firefox
Per chi ha ancora la versione 9 ,consiglio di passare alla versione 10
