Update Flash – CRITICAL

VULNERABILITY ALERT
ADOBE FLASH PLAYER FLAWS ENABLE SMORGASBORD OF EXPLOITS
SEVERITY: High
19 December, 2007

SUMMARY:

* These vulnerabilities affect: Adobe Flash Player 9.0.48.0 and
earlier, 8.0.35.0 and earlier, and 7.0.70.0 and earlier, on
Windows, OS X, Unix and Linux computers

* How an attacker exploits them: By enticing one of your users into
playing a maliciously crafted Flash (.SWF) file

* Impact: Numerous flaws, various results. In the worst case, an
attacker could execute code on the victim’s computer and take
control of it

* What to do: Deploy Flash Player 9.0.115.0 as soon as possible
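
An added example (not part of the original alert and not Adobe's tooling): a Python triage of an inventory of Flash Player version readings against the affected ranges and fixed release listed above. Host names and sample readings are constructed, and the accepted string forms (dotted, comma-separated, with an optional platform prefix such as "WIN") are an assumption about how your inventory records versions.

```python
import re

# Thresholds copied from the alert: highest affected build per branch, and the fixed release.
AFFECTED_MAX = {9: (9, 0, 48, 0), 8: (8, 0, 35, 0), 7: (7, 0, 70, 0)}
FIXED = (9, 0, 115, 0)

VERSION_RE = re.compile(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)")

def parse_version(raw):
    """Return a 4-tuple of ints from '9.0.47.0', '9,0,47,0' or 'WIN 9,0,47,0', else None."""
    m = VERSION_RE.search(raw or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(raw):
    v = parse_version(raw)
    if v is None:
        return "unparsed"          # do not assume safe: needs a manual look
    if v >= FIXED:
        return "fixed"
    # Branches older than 7 fall under "7.0.70.0 and earlier".
    ceiling = AFFECTED_MAX.get(v[0], AFFECTED_MAX[7] if v[0] < 7 else None)
    if ceiling is not None and v <= ceiling:
        return "affected"
    return "below-fixed"           # not in a listed range, but older than 9.0.115.0

def triage(inventory):
    """Group (host, version string) pairs by status."""
    report = {}
    for host, raw in inventory:
        report.setdefault(classify(raw), []).append(host)
    return report

# Constructed sample inventory (hypothetical host names and readings).
SAMPLE = [
    ("ws-01", "9.0.47.0"),
    ("ws-02", "WIN 9,0,115,0"),
    ("mac-03", "MAC 8,0,35,0"),
    ("lnx-04", "7.0.70.0"),
    ("ws-05", "9.0.64.0"),
    ("ws-06", "6,0,79,0"),
    ("ws-07", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status:12} {', '.join(hosts)}")
```

Hosts reported as "below-fixed" or "unparsed" are not in a range the alert lists, but they are also not confirmed at 9.0.115.0, so they belong on the update list as well.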

REFERENCES:

* Adobe’s Flash Player Alert http://tinyurl.com/3xquvj

* Written for developers: “Security Changes in Flash Player 9” http://tinyurl.com/3xfus9

* Rapid7 security advisory on “HTTP Header Injection Vulnerabilities
in Flash Player” http://download2.rapid7.com/r7-0026/

* Forging HTTP Request Headers with Flash http://tinyurl.com/38onf3
