If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
US CERT - Adobe Flash Player 8 and 9
As previously discussed, using Flash can be an opening to attack.
Here is another warning about vulnerabiliies. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-100A Adobe Flash Updates for Multiple Vulnerabilities Original release date: April 9, 2008 Last revised: -- Source: US-CERT Systems Affected * Adobe Flash Player 9.0.115.0 and earlier * Adobe Flash Player 8.0.39.0 and earlier Overview Adobe has released Security advisory APSB08-11 to address multiple vulnerabilities affecting Adobe Flash. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code. I. Description Adobe Security Advisory APSB08-011 addresses a number of vulnerabilities affecting the Adobe Flash player. Flash player versions 9.0.115.0 and earlier and 8.0.39.0 and earlier are affected. Further details are available in the US-CERT Vulnerability Notes Database. An attacker could exploit these vulnerabilities by convincing a user to visit a website that hosts a specially crafted SWF file. The Adobe Flash browser plugin is available for multiple web browsers and operating systems, any of which could be affected. II. Impact The impacts of these vulnerabilities vary. The most severe of these vulnerabilities allows a remote attacker to execute arbitrary code or conduct cross-site scripting attacks. III. Solution Apply Updates Check with your operating system vendor for patches or updates. If you get the flash player from Adobe, see the Adobe Get Flash page for information about updates. Restrict access These vulnerabilities can be mitigated by disabling the Flash plugin or by using the NoScript extension to whitelist websites that can access the Flash plugin. For more information about securely configuring web browsers, please see the Securing Your Web Browser document. IV. References * Adobe Security Advisory APSB08-011 - http://www.adobe.com/support/security/bulletins/apsb08-11.html * Adobe Flash Player Download Center - http://www.adobe.com/go/getflash * Understanding Flash Player 9 April 2008 Security Update compatibility - http://www.adobe.com/devnet/flashpla...9_security_upd ate.html * US-CERT Vulnerability Notes for Adobe Security advisory APSB08-011 - http://www.kb.cert.org/vuls/byid?searchview&query=APSB08-011 * Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/ __________________________________________________ _______________ The most recent version of this document can be found at: http://www.us-cert.gov/cas/techalerts/TA08-100A.html __________________________________________________ _______________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA08-100A Feedback VU#347812" in the subject. __________________________________________________ _______________ For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html. __________________________________________________ _______________ Produced 2008 by US-CERT, a government organization. Terms of use: http://www.us-cert.gov/legal.html __________________________________________________ __________________ Revision History April 9, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR/zdXPRFkHkM87XOAQIR+ggAk0+t7keRs7OzyAsdG12UtFjyxhee X9Xi Zl5UNxlnrUIAxe4eO0ySC+7TQm1MaJrBW2yWN7nbtf0pMGRfSu dG78kv2KdVqT4o SIrFhxIW+a4g2bFh56TEhZGRitMI+Yg3P0YyDA//svYvAQTXoEnBM0I4TBEYkb5C d2X5O6cEJHpdz6yTlox0lnQb5fkpVsqGqnzagWtBAufEA482e1 LeRiz/ehSs/SRa iSbkadW30ZStsrRIrF1E7QRS1BF1QZ96C/5pgxl44zBb4d4+Dhjkk21S0hUjI/hm FFKom4BrBaON+dRpsAWTDwxhM0Dib3YfskvKrdNic+lQ5ow/Mnp0Pg== =SC0g -----END PGP SIGNATURE----- |
#2
|
|||
|
|||
US CERT - Adobe Flash Player 8 and 9
MEB wrote:
| As previously discussed, using Flash can be an opening to attack. | Here is another warning about vulnerabiliies. ....snip | III. Solution | * Adobe Flash Player Download Center - | http://www.adobe.com/go/getflash ....snip... Thanks, MEB. The upgrade went quick & well & without a reboot. I am now v.9.0.124.0, as shown at... (a) Open Explorer to C:\Windows\Downloaded Program Files. (b) R-Clk "Shockwave Flash Object" in R-Pane, & select Properties, Version tab. Note: I had to go to the site to do it! It did not work to R-Clk the object I had & select to update it! -- Thanks or Good Luck, There may be humor in this post, and, Naturally, you will not sue, Should things get worse after this, PCR |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Office-VISTA firewall-Adobe Flash-other vulnerabilities - US-Cert-combined | MEB[_2_] | General | 14 | December 23rd 07 07:19 AM |
What is Adobe Atmosphere Player 1.0 | Angel | General | 20 | October 16th 07 11:54 AM |
Flash Player | Bill in Co. | General | 0 | November 21st 06 07:49 AM |
How to get rid of Adobe Flash Player 9 security warnings? | mistral | General | 8 | September 12th 06 10:16 AM |
flash player | jay | Software & Applications | 0 | June 5th 04 04:56 AM |