Security Advisories

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Subject: US-CERT Technical Cyber Security Alert TA09-343A -- Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR
From: US-CERT Technical Alerts <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Date: Wed, 9 Dec 2009 14:07:53 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                    National Cyber Alert System

              Technical Cyber Security Alert TA09-343A


Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR

   Original release date: 
   Last revised: --
   Source: US-CERT


Systems Affected

     * Adobe Flash Player 10.0.32.18 and earlier versions
     * Adobe AIR 1.5.2 and earlier versions


Overview

   Adobe has released Security Bulletin APSB09-19, which describes
   vulnerabilities affecting Adobe Flash Player and Adobe AIR.


I. Description

   Adobe Security Bulletin APSB09-19 describes vulnerabilities
   affecting Adobe Flash Player and Adobe AIR. Flash Player version
   10.0.32.18 and earlier versions as well as Adobe AIR versions 1.5.2
   and earlier are affected.
   
   An attacker could exploit this vulnerability by convincing a user
   to visit a website that hosts a specially crafted SWF file. The
   Adobe Flash browser plugin is available for multiple web browsers
   and operating systems, any of which could be affected.


II. Impact

   This vulnerability allows a remote attacker to execute arbitrary
   code as the result of a user viewing a web page.


III. Solution

   Users are encouraged to update Flash Player 10.0.32.18 and earlier
   versions as well as Adobe AIR 1.5.2 and earlier versions to the
   latest version.
   
   These vulnerabilities can be mitigated by disabling the Flash
   plugin or by using the NoScript extension for Mozilla Firefox or
   SeaMonkey to whitelist websites that can access the Flash plugin.
   For more information about securely configuring web browsers,
   please see the Securing Your Web Browser document.


IV. References

 * Adobe Security Bulletin APSB09-19 -
   <http://www.adobe.com/support/security/bulletins/apsb09-19.html>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA09-343A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <This email address is being protected from spambots. You need JavaScript enabled to view it.> with "TA09-343A Feedback VU#392637" in
   the subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2009 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History
  
  December 09, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSx/yqtucaIvSvh1ZAQIqGwf+Ne0xmfPFETwdMHKUWtGxkHEcwFSH7p5r
eG3hm+Crz/chctWpsXBBQPzDtOMkNwLfkNq+/CatxY0MAl+2GCxCo2hhtznfTM5H
dYjw3Yu/Kj0lFfB6sfOJDVG42G8Etq6/b7IfSjt4eq2tUNAEhMlAwY/YXRMq9J1L
QCiu0MksEUJnmCeUmyU85xJSHhBTZpQ1O6628WjMWjAioOUFXFJw6WO0xlwqHbx3
EVk+budrlmHdW9IuhGvlfvGw9gqsbb8brR/dKe8HIwFcicYwMXuYN21+qPMlY806
AC7PbrTHaZN8DqgU9RV39aHDNE9oOmsassMQsNEVwaPAA45lGvH4qQ==
=+S2G
-----END PGP SIGNATURE-----

Powered by:

MHonArc