US-CERT Technical Cyber Security Alert TA08-100A -- Adobe Flash

Reviews

Shared by: oas111

Tags

adobe flash player, cert technical cyber security alert, adobe flash, security advisory, the adobe, microsoft windows, microsoft updates, cyber security, flash updates, vulnerability notes, pgp signature, arbitrary code, security alert, security bulletin, flash player 9.0

Stats

views:: 0
rating:: not rated
reviews:: 0
posted:: 11/3/2009
language:: English
pages:: 0

Public Domain

US−CERT Technical Cyber Security Alert TA08−100A −− Adobe Flash Updates for Multiple Vulnerabilities US−CERT Technical Cyber Security Alert TA08−100A −− Adobe Flash Updates for Multiple Vulnerabilities Source: http://www.derkeiler.com/Mailing−Lists/Cert/2008−04/msg00002.html • From: CERT Advisory • Date: Wed, 9 Apr 2008 11:36:34 −0400 −−−−−BEGIN PGP SIGNED MESSAGE−−−−− Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08−100A Adobe Flash Updates for Multiple Vulnerabilities Original release date: April 9, 2008 Last revised: −− Source: US−CERT Systems Affected * Adobe Flash Player 9.0.115.0 and earlier * Adobe Flash Player 8.0.39.0 and earlier Overview Adobe has released Security advisory APSB08−11 to address multiple vulnerabilities affecting Adobe Flash. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code. I. Description Adobe Security Advisory APSB08−011 addresses a number of vulnerabilities affecting the Adobe Flash player. Flash player versions 9.0.115.0 and earlier and 8.0.39.0 and earlier are affected. Further details are available in the US−CERT Vulnerability Notes Database. An attacker could exploit these vulnerabilities by convincing a user US−CERT Technical Cyber Security Alert TA08−100A −− Adobe Flash Updates for Multiple Vulnerabilities 1 US−CERT Technical Cyber Security Alert TA08−100A −− Adobe Flash Updates for Multiple Vulnerabilities to visit a website that hosts a specially crafted SWF file. The Adobe Flash browser plugin is available for multiple web browsers and operating systems, any of which could be affected. II. Impact The impacts of these vulnerabilities vary. The most severe of these vulnerabilities allows a remote attacker to execute arbitrary code or conduct cross−site scripting attacks. III. Solution Apply Updates Check with your operating system vendor for patches or updates. If you get the flash player from Adobe, see the Adobe Get Flash page for information about updates. Restrict access These vulnerabilities can be mitigated by disabling the Flash plugin or by using the NoScript extension to whitelist websites that can access the Flash plugin. For more information about securely configuring web browsers, please see the Securing Your Web Browser document. IV. References * Adobe Security Advisory APSB08−011 − * Adobe Flash Player Download Center −