A Windows 98 & ME forum. Win98banter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » Win98banter forum » Windows 98 » General
Site Map Home Authors List Search Today's Posts Mark Forums Read Web Partners

US CERT - Adobe Flash Player 8 and 9



 
 
Thread Tools Display Modes
  #1  
Old April 10th 08, 05:09 AM posted to microsoft.public.win98.gen_discussion
MEB[_2_]
External Usenet User
 
Posts: 1,626
Default US CERT - Adobe Flash Player 8 and 9

As previously discussed, using Flash can be an opening to attack.
Here is another warning about vulnerabiliies.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA08-100A


Adobe Flash Updates for Multiple Vulnerabilities

Original release date: April 9, 2008
Last revised: --
Source: US-CERT

Systems Affected

* Adobe Flash Player 9.0.115.0 and earlier
* Adobe Flash Player 8.0.39.0 and earlier

Overview

Adobe has released Security advisory APSB08-11 to address multiple
vulnerabilities affecting Adobe Flash. The most severe of these
vulnerabilities could allow a remote attacker to execute arbitrary
code.

I. Description

Adobe Security Advisory APSB08-011 addresses a number of
vulnerabilities affecting the Adobe Flash player. Flash player
versions 9.0.115.0 and earlier and 8.0.39.0 and earlier are affected.
Further details are available in the US-CERT Vulnerability Notes
Database.

An attacker could exploit these vulnerabilities by convincing a user
to visit a website that hosts a specially crafted SWF file. The Adobe
Flash browser plugin is available for multiple web browsers and
operating systems, any of which could be affected.

II. Impact

The impacts of these vulnerabilities vary. The most severe of these
vulnerabilities allows a remote attacker to execute arbitrary code or
conduct cross-site scripting attacks.

III. Solution

Apply Updates

Check with your operating system vendor for patches or updates. If you
get the flash player from Adobe, see the Adobe Get Flash page for
information about updates.

Restrict access

These vulnerabilities can be mitigated by disabling the Flash plugin
or by using the NoScript extension to whitelist websites that can
access the Flash plugin. For more information about securely
configuring web browsers, please see the Securing Your Web Browser
document.

IV. References

* Adobe Security Advisory APSB08-011 -
http://www.adobe.com/support/security/bulletins/apsb08-11.html

* Adobe Flash Player Download Center -
http://www.adobe.com/go/getflash

* Understanding Flash Player 9 April 2008 Security Update
compatibility -

http://www.adobe.com/devnet/flashpla...9_security_upd
ate.html

* US-CERT Vulnerability Notes for Adobe Security advisory APSB08-011 -
http://www.kb.cert.org/vuls/byid?searchview&query=APSB08-011

* Securing Your Web Browser -
http://www.us-cert.gov/reading_room/securing_browser/

__________________________________________________ _______________

The most recent version of this document can be found at:

http://www.us-cert.gov/cas/techalerts/TA08-100A.html
__________________________________________________ _______________

Feedback can be directed to US-CERT Technical Staff. Please send
email to with "TA08-100A Feedback VU#347812" in the
subject.
__________________________________________________ _______________

For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html.
__________________________________________________ _______________

Produced 2008 by US-CERT, a government organization.

Terms of use:

http://www.us-cert.gov/legal.html
__________________________________________________ __________________

Revision History

April 9, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBR/zdXPRFkHkM87XOAQIR+ggAk0+t7keRs7OzyAsdG12UtFjyxhee X9Xi
Zl5UNxlnrUIAxe4eO0ySC+7TQm1MaJrBW2yWN7nbtf0pMGRfSu dG78kv2KdVqT4o
SIrFhxIW+a4g2bFh56TEhZGRitMI+Yg3P0YyDA//svYvAQTXoEnBM0I4TBEYkb5C
d2X5O6cEJHpdz6yTlox0lnQb5fkpVsqGqnzagWtBAufEA482e1 LeRiz/ehSs/SRa
iSbkadW30ZStsrRIrF1E7QRS1BF1QZ96C/5pgxl44zBb4d4+Dhjkk21S0hUjI/hm
FFKom4BrBaON+dRpsAWTDwxhM0Dib3YfskvKrdNic+lQ5ow/Mnp0Pg==
=SC0g
-----END PGP SIGNATURE-----


  #2  
Old April 12th 08, 06:13 AM posted to microsoft.public.win98.gen_discussion
PCR
External Usenet User
 
Posts: 4,396
Default US CERT - Adobe Flash Player 8 and 9

MEB wrote:
| As previously discussed, using Flash can be an opening to attack.
| Here is another warning about vulnerabiliies.
....snip
| III. Solution

| * Adobe Flash Player Download Center -
| http://www.adobe.com/go/getflash
....snip...

Thanks, MEB. The upgrade went quick & well & without a reboot. I am now
v.9.0.124.0, as shown at...

(a) Open Explorer to C:\Windows\Downloaded Program Files.
(b) R-Clk "Shockwave Flash Object" in R-Pane, & select Properties,
Version tab.

Note: I had to go to the site to do it! It did not work to R-Clk the
object I had & select to update it!


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
Should things get worse after this,
PCR



 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Office-VISTA firewall-Adobe Flash-other vulnerabilities - US-Cert-combined MEB[_2_] General 14 December 23rd 07 08:19 AM
What is Adobe Atmosphere Player 1.0 Angel General 20 October 16th 07 11:54 AM
Flash Player Bill in Co. General 0 November 21st 06 08:49 AM
How to get rid of Adobe Flash Player 9 security warnings? mistral General 8 September 12th 06 10:16 AM
flash player jay Software & Applications 0 June 5th 04 04:56 AM


All times are GMT +1. The time now is 12:29 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 Win98banter.
The comments are property of their posters.