|
Adobe Flash Player Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA28161
|
|
|
Release Date:
|
2007-12-19
|
|
Last Update:
|
2008-03-25
|
|
Popularity:
|
38,976 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Unknown
Security Bypass
Cross Site Scripting
Manipulation of data
Exposure of sensitive information
Privilege escalation
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Adobe Flash CS3
Adobe Flash Player 9.x
Adobe Flex 2.x
Macromedia Flash 8.x
Macromedia Flash Player 7.x
Macromedia Flash Player 8.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 2 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Solution:
Update to version 9.0.115.0.
Flash Player 9.0.48.0:
http://www.stage.adobe.com/go/getflash
Flash Player 9.0.48.0 and earlier - network distribution:
http://www.stage.adobe.com/licensing/distribution
Flash CS3 Professional:
http://www.adobe.com/support/flash/downloads.html
Flex 2.0:
http://www.stage.adobe.com/support/flashplayer/downloads.html#fp9
The vulnerabilities are also fixed in Flash Player 7.0.73.0, which is available for operating systems that are not supported by Flash Player 9.
NOTE: This is reportedly the final security bulletin that Adobe will supply for users of Adobe Flash Player 7 (formerly Macromedia Flash Player 7).
Provided and/or discovered by:
1) The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team.
2) Aaron Portnoy of TippingPoint DVLabs.
3) The vendor credits Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong Shao of Stanford University.
4, 7) Toshiharu Sugiyama of UBsecure, Inc. and JPCERT/CC.
5) The vendor credits Rich Cannings of the Google Security Team.
6) Collin Jackson and Adam Barth of Stanford University.
8) David Neu
9) The vendor credits Jesse Michael and Thomas Biege of SUSE.
10) The vendor credits Opera.
Changelog:
2007-12-20: Updated advisory with additional information. Added link to US-CERT. Updated "Original Advisory" section.
2007-12-25: Updated credits and "Original Advisory" sections.
2008-01-04: Update "Solution" section with patch information for Flash Player 7.x. Added CVE-Reference.
2008-02-06: Updated the advisory based on additional vendor information on the availability of a Solaris version.
2008-03-25: Added link to US-CERT.
Original Advisory:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb07-20.html
TippingPoint DVLabs:
http://dvlabs.tippingpoint.com/advisory/TPTI-07-21
JVN:
http://jvn.jp/jp/JVN%2345675516/index.html
http://jvn.jp/jp/JVN%2350876069/index.html
Stanford:
http://crypto.stanford.edu/advisories/CVE-2007-6244/
David Neu:
http://scan.flashsec.org/
Other References:
SA27543:
http://secunia.com/advisories/27543/
SA27277:
http://secunia.com/advisories/27277/
US-CERT VU#758769:
http://www.kb.cert.org/vuls/id/758769
US-CERT VU#935737:
http://www.kb.cert.org/vuls/id/935737
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
