Adobe Flash Player Multiple Vulnerabilities

Secunia Advisory: SA28083
Release Date: 2008-04-09
Last Update: 2008-05-23
Popularity: 43,365 views
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, System access
Where: From remote
Solution Status: Vendor Patch
Software: Adobe Flash Player 9.x

Advisory Content (Page 2 of 3)

Solution:
Update to a fixed version.
-- Flash Player 9.0.115.0 and earlier --
Update to version 9.0.124.0.
http://www.adobe.com/go/getflash
-- Flash Player 9.0.115.0 and earlier - network distribution --
Update to version 9.0.124.0.
http://www.adobe.com/licensing/distribution
-- Flex 3.0 --
Update to version 9.0.124.0.
http://www.adobe.com/support/flashplayer/downloads.html#fp9
-- AIR 1.0 --
Update to version 1.0.1.
http://www.adobe.com/go/getair

Provided and/or discovered by:
1) Alin Rad Pop, Secunia Research. The vendor also credits Javier Vicente Vallejo and Shane Macaulay, reported via ZDI.
2) Reported independently by:
* Mark Dowd, ISS X-Force.
* wushi of team509, reported via ZDI.
3) The vendor credits:
* Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong Shao of Stanford University.
* Tom Gallagher, Microsoft.
4) Ernst and Young's Advanced Security Center.
5) Toshiharu Sugiyama of UBsecure, Inc. and JPCERT/CC.
6) Rich Cannings of the Google Security Team and Stefano Di Paola of Minded Security.

Changelog:
2008-04-09: Corrected vendor links in the "Solution" section.
2008-04-28: Added link to US-CERT.
2008-05-23: Added ZDI link to the "Original Advisory" section.

Original Advisory:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb08-11.html
Secunia Research:
http://secunia.com/secunia_research/2007-103/
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-021/
http://www.zerodayinitiative.com/advisories/ZDI-08-032/
ISS X-Force:
http://www.iss.net/threats/289.html

Other References:
SA28161:
http://secunia.com/advisories/28161/
US-CERT VU#159523:
http://www.kb.cert.org/vuls/id/159523

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.