
Adobe Flash Player Code Execution and Clickjacking Vulnerabilities

Last Update Date: 28 Jan 2011
Release Date: 26 Feb 2009

RISK: Medium Risk

Multiple vulnerabilities have been identified in Adobe Flash Player, which could be exploited by attackers to gain knowledge of sensitive information, manipulate certain data, cause a denial of service or compromise a vulnerable system.

1. A vulnerability is caused by invalid object references when creating and destroying certain objects during the processing of a Shockwave Flash file, which could allow attackers to execute arbitrary code by tricking a user into visiting a malicious web page.

2. A vulnerability is caused by an unspecified input validation error, which could be exploited to cause a denial of service or potentially execute arbitrary code.

3. A vulnerability is caused by an unspecified error related to the Settings Manager, which could be exploited to conduct clickjacking attacks.

4. A vulnerability is caused by an unspecified error related to mouse pointer display, which could be exploited to conduct clickjacking attacks against Windows systems.

5. A vulnerability is caused by an unspecified information disclosure issue in the Flash Player binary for Linux, which could be exploited by local attackers to gain elevated privileges.


Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Adobe Flash Player version 10.0.12.36 and prior
  • Adobe Flash Player version 10.0.15.3 for Linux and prior
  • Adobe AIR 1.5
  • Adobe Flash CS4 Professional
  • Adobe Flash CS3 Professional
  • Adobe Flex 3

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

Flash Player 9.x:
Update to version 9.0.159.0.
http://www.adobe.com/go/kb406791

Flash Player 10.0.12.36 and prior:
Update to version 10.0.22.87.
http://www.adobe.com/go/getflash

Flash Player 10.0.12.36 and prior (network distribution):
Update to version 10.0.22.87.
http://www.adobe.com/licensing/distribution

Flash Player 10.0.15.3 and prior for Linux:
Update to version 10.0.22.87.
http://www.adobe.com/go/getflash

AIR 1.5:
Update to version 1.5.1.
http://get.adobe.com/air

Flash CS4 Professional:
Update to version 10.0.22.87.
http://www.adobe.com/support/flashplayer/downloads.html#fp10

Flash CS3 Professional:
Update to version 9.0.159.0.
http://www.adobe.com/support/flashplayer/downloads.html#fp9

Flex 3:
Update to version 10.0.22.87.
http://www.adobe.com/support/flashplayer/downloads.html#fp9
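
To check an inventory against the fixed versions listed above, the following added example (not part of the original advisory) classifies reported versions, accepting both dotted strings and the comma-separated form Flash Player reports (e.g. `WIN 10,0,12,36`). The product labels `flash` and `air`, the sample hosts, and the rule that any build below the fixed version on the same major branch needs the update are assumptions of this example.

```python
import re

# Fixed versions from the advisory's Solutions section, keyed by
# (product, major branch). Product labels are assumptions of this example.
FIXED = {
    ("flash", 9): (9, 0, 159, 0),
    ("flash", 10): (10, 0, 22, 87),
    ("air", 1): (1, 5, 1),
}

def parse_version(text):
    """Parse '10.0.12.36', '10,0,12,36' or 'WIN 10,0,12,36' into ints."""
    m = re.search(r"\d+(?:[.,]\d+)+", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in re.split(r"[.,]", m.group()))

def assess(product, version_text):
    """Return (status, fixed_version) for one inventory entry."""
    installed = parse_version(version_text)
    fixed = FIXED.get((product.lower(), installed[0]))
    if fixed is None:
        # Branch the advisory does not list: flag for manual review.
        return "unknown-branch", None
    # Pad so that (1, 5) compares as (1, 5, 0) against (1, 5, 1).
    width = max(len(installed), len(fixed))
    a = installed + (0,) * (width - len(installed))
    b = fixed + (0,) * (width - len(fixed))
    status = "needs-update" if a < b else "up-to-date"
    return status, ".".join(map(str, fixed))

# Constructed sample inventory: (host, product, reported version).
INVENTORY = [
    ("ws-01", "flash", "WIN 10,0,12,36"),
    ("ws-02", "flash", "10.0.22.87"),
    ("lnx-01", "flash", "LNX 10,0,15,3"),
    ("ws-03", "flash", "9.0.124.0"),
    ("ws-04", "air", "1.5"),
    ("ws-05", "flash", "8.0.24.0"),
]

def triage(inventory):
    """Map each host to its (status, fixed_version) result."""
    return {host: assess(prod, ver) for host, prod, ver in inventory}

if __name__ == "__main__":
    for host, (status, fixed) in triage(INVENTORY).items():
        print(f"{host}: {status}" + (f" (fixed in {fixed})" if fixed else ""))
```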

