Skip to main content

Adobe Flash Player and AIR Multiple Code Execution Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 10 Dec 2009 5395 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Adobe Flash Player and AIR, which could be exploited by remote attackers to disclose sensitive information or compromise a vulnerable system.

1. Due to a memory corruption error when parsing JPEG data, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.

2. Due to an unspecified data injection issue, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.

3. Due to an unspecified memory corruption error, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.

4. Due to an unspecified memory corruption error, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.

5. Due to an unspecified integer overflow error, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.

6. Due to unspecified memory corruption errors, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.

7. Due to an unspecified error in the Flash Player ActiveX control, which could allow attackers to disclose local file names information on Windows.


Impact

  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Adobe Flash Player version 10.0.32.18 and prior
  • Adobe AIR version 1.5.2 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch


Vulnerability Identifier


Source


Related Link