Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: Adobe Flash Player SharedObject Type Confusion Vulnerability
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
Vulnerabilities
See the original Secunia advisory:
Adobe Flash Player SharedObject Type Confusion Vulnerability
| Secunia | Adobe Flash Player SharedObject Type Confusion Vulnerability |
|---|---|
 |
23rd Apr, 2011 21:44 |
|
Ranking: 0 Posts: 0 User Since: - System Score: - Location: Copenhagen, DK |
A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when parsing ActionScript that adds a custom function to the prototype of a predefined class. This results in incorrect interpretation of an object (i.e. object type confusion) when calling the custom function, which causes an invalid pointer to be dereferenced. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in the following versions: * Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris * Adobe Flash Player 10.2.154.25 and earlier for Chrome * Adobe Flash Player 10.2.156.12 and earlier for Android NOTE: The vulnerability is currently being actively exploited via Office Word documents (.doc) containing malicious Flash content. |
| mommy_of_ten | RE: Adobe Flash Player SharedObject Type Confusion Vulnerability | ||||||||
|
23rd Apr, 2011 21:44 | ||||||||
| Score: 0 Posts: 1 User Since: 23rd Apr 2011 System Score: N/A Location: US Last edited on 23rd Apr, 2011 21:44 |
would this cause videos and games to not run properly? -- "Every saint has a past,Every sinner has a future" |
||||||||
|
|||||||||
| Maurice Joyce | RE: Adobe Flash Player SharedObject Type Confusion Vulnerability | ||||||||
|
23rd Apr, 2011 22:13 | ||||||||
| Score: 10552 Posts: 8,125 User Since: 4th Jan 2009 System Score: 100% Location: UK |
Perhaps U are not aware but Secunia prefer users not to ask question on their Vulnerability Information Sub forum. That said, there is a patch available for this item. Just follow these steps & your question will not apply. UPDATING STANDALONE ADOBE FLASH Uninstall Flash using the uninstaller here: http://kb2.adobe.com/cps/141/tn_14157.html SAVE IT TO DESKTOP Before using the uninstaller COMPLETELY EXIT (just closing them is not sufficient) all these: a. All Browsers. b. Windows Messenger. c. Incredimail. d. Adobe Free Reader. e. PSI unless using Version 2. 1. Download & SAVE these to desktop. http://fpdownload.adobe.com/get/flashplayer/curren... & then here if U have any Gecko based browsers. http://fpdownload.adobe.com/get/flashplayer/curren... 2. The installer will appear on the desk top. THE IMPORTANT BIT - Before agreeing to install check these programmes are completely shut down (use the Task Manager if necessary to COMPLETELY EXIT the running process): a. All Browsers. b. Windows Messenger. c. Incredimail. d. All Adobe Products. e. PSI - Unless using version 2 3. The new install will then remove all old files during the update process. 4. Complete a PSI rescan & all should be in order. 5. Delete the Flash installer file from the desktop. If U want to double check Flash is working & the version installed click here: http://www.adobe.com/software/flash/about/ Update 4 17:41 19/04/2011 -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 SP1 16GB RAM |
||||||||
|
|||||||||
| RE: Adobe Flash Player SharedObject Type Confusion Vulnerability | [+] |
|
| This reply has been deleted | ||
| RE: Adobe Flash Player SharedObject Type Confusion Vulnerability | [+] |
|
| This reply has been deleted | ||
| RE: Adobe Flash Player SharedObject Type Confusion Vulnerability | [+] |
|
| This reply has been deleted | ||
| RE: Adobe Flash Player SharedObject Type Confusion Vulnerability | [+] |
|
| This reply has been deleted | ||
