Adobe Flash Player and AIR Multiple Code Execution Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilitieshave been identified in Adobe Flash and AIR, which could be exploited by attackers to disclose sensitive information or compromise a vulnerable system.
1. Due to a memory corruption error in the ActionScript Virtual Machine 1 (AVM1) when processing the "ActionPush" command, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.
2. Due to an unspecified memory corruption error, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.
3. Due to unspecified memory corruption errors, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.
4. Due to a memory corruption error within the "connect()" method exposed via the ActionScript native object number 2200, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.
5. Due to unspecified memory corruption errors, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.
6. Due to an unspecified error which could allow click-jacking attacks.
Impact
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Adobe Flash Player version 10.1.53.64 and prior
- Adobe AIR version 2.0.2.12610 and prior
- Adobe Flash Professional CS5
- Adobe Flash CS4 Professional
- Adobe Flash CS3 Professional
- Adobe Flex 4
- Adobe Flex 5
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Upgrade to Flash version 10.1.82.76 :
- http://www.adobe.com/go/getflash - Upgrade to AIR version 2.0.3 :
- http://get.adobe.com/air
Vulnerability Identifier
Source
Related Link
Share with