A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by an error when parsing ActionScript that adds a custom function to the prototype of a predefined class. When the custom function is called, an object is interpreted as the wrong type (i.e. object type confusion), which causes an invalid pointer to be dereferenced.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in the following versions:
* Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris
* Adobe Flash Player 10.2.154.25 and earlier for Chrome
* Adobe Flash Player 10.2.156.12 and earlier for Android
NOTE: The vulnerability is currently being actively exploited via Office Word documents (.doc) containing malicious Flash content.
Solution: Update to Flash Player 10.2.159.1 and AIR 2.6.19140.
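Added example (not part of the original advisory): a small triage script that classifies an inventory of Flash Player installations against the affected and fixed builds listed above. The platform keys, host names and sample rows are constructed for illustration, and treating 10.2.159.1 as the fixed build on every platform is an assumption.

```python
import re

# Highest affected build per platform, taken from the advisory text above.
AFFECTED_MAX = {
    "desktop": (10, 2, 153, 1),   # Windows, Macintosh, Linux, Solaris
    "chrome": (10, 2, 154, 25),
    "android": (10, 2, 156, 12),
}
# Build named in the advisory's Solution line. Applying it to every
# platform is an assumption of this example.
FIXED_MIN = (10, 2, 159, 1)

_VERSION_RE = re.compile(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)")


def parse_version(text):
    """Return a 4-tuple of ints from '10.2.153.1' or 'WIN 10,2,153,1'; None if unparseable."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'affected', 'fixed', 'unlisted' or 'unknown' for one installation."""
    version = parse_version(version_text)
    limit = AFFECTED_MAX.get(platform.lower())
    if version is None or limit is None:
        return "unknown"      # unparseable version or platform not in the advisory
    if version <= limit:
        return "affected"
    if version >= FIXED_MIN:
        return "fixed"
    return "unlisted"         # between affected and fixed builds; the advisory does not say


def triage(inventory):
    """Map host -> status for (host, platform, version_text) rows."""
    return {host: classify(platform, version) for host, platform, version in inventory}


# Constructed sample inventory (hypothetical hosts).
SAMPLE = [
    ("ws-01", "desktop", "WIN 10,2,153,1"),
    ("ws-02", "desktop", "10.2.159.1"),
    ("ws-03", "chrome", "10.2.154.27"),
    ("ph-01", "android", "10.1.95.2"),
    ("ws-04", "desktop", "not installed"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```

Hosts reported as "unlisted" or "unknown" need a manual check, since the advisory gives no verdict for those builds.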
Subject: Adobe Flash Player SharedObject Type Confusion Vulnerability
2. The installer will appear on the desktop. THE IMPORTANT BIT - Before agreeing to install, check these programmes are completely shut down (use the Task Manager if necessary to COMPLETELY EXIT the running process):
a. All Browsers.
b. Windows Messenger.
d. All Adobe Products.
e. PSI - Unless using version 2
3. The new install will then remove all old files during the update process.
4. Complete a PSI rescan & all should be in order.
5. Delete the Flash installer file from the desktop.