Description: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions or compromise a user's system.
1) A boundary error during the handling of strings dynamically generated at runtime can be exploited to cause a buffer overflow via an overly long string.
Successful exploitation allows execution of arbitrary code when e.g. visiting a malicious website.
2) An unspecified error allows bypassing the "allowScriptAccess" option.
3) Using a "Shockwave Flash Object", it is possible to execute Flash files containing JavaScript embedded in Office documents automatically when the Office document is opened.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Solution: Update to version 9.0.16.0 or another fixed version (see the vendor advisory for details).
Provided and/or discovered by: 1) Stuart Pearson, Computer Terrorism UK Ltd.
2) Reported by the vendor.
3) Debasis Mohanty
Changelog: 2006-09-13: Updated advisory with additional information.
2006-09-18: Added link to US-CERT.
2006-09-20: Added link to US-CERT vulnerability note.
2007-01-02: Added CVE reference.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
