Adobe Flash Player and AIR Multiple Code Execution Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Adobe Flash Player and AIR, which could be exploited by remote attackers to disclose sensitive information or compromise a vulnerable system.
1. Due to a memory corruption error when parsing JPEG data, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.
2. Due to an unspecified data injection issue, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.
3. Due to an unspecified memory corruption error, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.
4. Due to an unspecified memory corruption error, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.
5. Due to an unspecified integer overflow error, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.
6. Due to unspecified memory corruption errors, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.
7. Due to an unspecified error in the Flash Player ActiveX control, which could allow attackers to disclose local file names information on Windows.
Impact
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Adobe Flash Player version 10.0.32.18 and prior
- Adobe AIR version 1.5.2 and prior
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Upgrade to Adobe Flash Player version 10.0.42.34 :
- http://get.adobe.com/flashplayer/ - Upgrade to Adobe AIR version 1.5.3 :
- http://get.adobe.com/air/
Vulnerability Identifier
Source
Related Link
Share with