‫ Adobe Flash Player Multiple Vulnerabilities

IRCAD2012021730
 
ID: IRCAD2012021730
Release Date: 2012-02-16
Criticality level: Highly critical
 
Software:
Adobe Flash Player 11.x
 
Description:
Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

1) An unspecified error in an ActiveX Control can be exploited to corrupt memory.

2) A type confusion error can be exploited to corrupt memory.

3) An unspecified error related to MP4 parsing can be exploited to corrupt memory.

4) An unspecified error can be exploited to corrupt memory.

5) An unspecified error can be exploited to bypass certain security restrictions.

6) An unspecified error can be exploited to bypass certain security restrictions.

Successful exploitation of the vulnerabilities #1 through #6 may allow execution of arbitrary code.

7) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

NOTE: This vulnerability is reportedly being actively exploited in targeted attacks.

The vulnerabilities are reported in the following products:
* Adobe Flash Player versions 11.1.102.55 and prior for Windows, Macintosh, Linux, and Solaris
* Adobe Flash Player versions 11.1.112.61 and prior for Android 4.x
* Adobe Flash Player versions 11.1.111.5 and prior for Android 3.x and prior
 
 Solution
Update to a fixed version.
 
References:
 
Secunia:
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 29 بهمن 1390

امتیاز

امتیاز شما
تعداد امتیازها:0