Wed, Jul 11 2007 6:01
Don
Adobe Flash Player Multiple Vulnerabilities
Description:
Some vulnerabilities have been reported in Adobe
Flash Player, which can be exploited by malicious people to gain
knowledge of sensitive information or compromise a user's system.
1) An input validation error can be exploited to execute arbitrary code when a user e.g. visits a malicious website.
The vulnerability affects versions 9.0.45.0 and prior.
2) An error within the interaction of Flash Player and certain browsers
can be exploited to leak key presses to a Flash Player applet.
The vulnerability affects versions 7.0.69.0 and prior on Linux and Solaris. It does not affect Flash Player 9.
A bug has also been reported in the validation of the HTTP Referer in
versions 8.0.34.0 and prior, which may aid in e.g. CSRF (Cross-Site
Request Forgery) attacks.
Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/
Solution:
Update to version 9.0.47.0.
http://secunia.com/advisories/26027/
Filed under: Advisories / Bulletins