Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system.
1) An unspecified error can be exploited to corrupt memory and execute arbitrary code via specially crafted SWF content.
2) The control has been built using a vulnerable version of ATL, which may be exploited to disclose memory content, bypass security features like kill-bits, and corrupt memory to execute arbitrary code when used in Internet Explorer.
Provided and/or discovered by: 1) Reported as a 0-day (the vendor also credits lakehu, Tencent Security Center).
2) David Dewey of IBM ISS X-Force, Ryan Smith of iDefense Labs, and Microsoft Vulnerability Research Program.
3) The vendor credits Mike Wroe.
4) Reported by an anonymous person via iDefense.
5,6) The vendor credits Chen Chen, Venustech.
7) The vendor credits Joran Benker.
8) Jun Mao, iDefense Labs.
9) Roee Hay, IBM Rational Application Security.
10) The vendor credits Microsoft Vulnerability Research Program (MSVR).
Original Advisory: Adobe:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Adobe Flash Player Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.