Wednesday, December 19, 2007 8:35 AM
cmosby
SANS Internet Storm Center - Adobe Flash Player and GoLive security updates
Adobe Flash Player and GoLive security updates
Published: 2007-12-19,
Last Updated: 2007-12-19 07:44:21 UTC
by Maarten Van Horenbeeck (Version: 1)
Adobe has released updates which fix several critical vulnerabilities in Flash Player and GoLive.
Flash Player 9.0.48.0, 8.0.35.0 and 7.0.70.0 and earlier are affected by CVE-2007-6242, CVE-2007- 4768, CVE-2007-5275, CVE-2007- 6243, CVE-2007- 6244, CVE-2007- 6245, CVE-2007-4324, CVE-2007- 6246 and CVE-2007-5476.
Several of the issues resolved are input validation errors, which could allow an attacker to execute arbitrary code through content delivered from a web location. This update resolves issues reported on various platforms (Mac OS, Linux, Windows). Adobe strongly recommends users of this version to upgrade to Flash Player 9.0.115.0 which can be downloaded from a link in their bulletin.
GoLive 9 and GoLive CS2 are affected by CVE-2007-2244 and CVE-2007-2365. These vulnerabilities are somewhat more difficult to exploit, but they can be exploited by convincing a user to include crafted BMP, DIB, RLE or PNG content into a GoLive document. Impact remains execution of arbitrary code, so we strongly recommend implementing the update.
Source: SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
Filed under: Internet Applications, Security