Adobe Flash Player and AIR Multiple Code Execution Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 3 Aug 2009 4485 Views

RISK: Medium Risk

Medium Risk

Multiple vulnerabilities have been identified in Adobe Flash Player and AIR, which could be exploited by attackers to bypass security restrictions, disclose sensitive information or compromise a vulnerable system. These issues are caused by memory corruption, buffer overflow, privilege escalation, null pointer, sandbox bypass, and input validation errors when processing specially crafted web pages or animations, which could be exploited to execute arbitrary code, gain elevated privileges, gain knowledge of certain information and conduct clickjacking attacks.

Impact

  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Adobe Flash Player version 9.0.159.0 and prior
  • Adobe Flash Player version 10.0.22.87 and prior
  • Adobe AIR version 1.5.1 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Adobe Flash Player version 9.0.246.0 or 10.0.32.18 :
http://www.adobe.com/go/getflashplayer

Upgrade to Adobe AIR version 1.5.1 :
http://get.adobe.com/air

Vulnerability Identifier

Source

Related Link

Share with

Previous

Adobe Flash/Shockwave Player Active Template Library Vulnerability

30 Jul 2009 4530 Views

Next

Mozilla Products NSS Code Execution and Security Bypass Vulnerabilities

4 Aug 2009 4442 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY