[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CSIRTUK ADVISORY - 3530 - Adobe - Flash Player update available to address security vulnerabilities
CSIRTUK ADVISORY - 3530 dated 02.01.08 time 14:32
Centre for the Protection of National Infrastructure (CPNI)
Further details about CPNI, including information about our products
found at www.cpni.gov.uk
Please note that CSIRTUK RSS Feeds are available from:
3530 - Adobe Flash Player update available to address security
Title: 3530 - Adobe Flash Player update available to address security
Platform level affected:Net Application - Client
Specific operating systems components affected: 32-bit Windows
Net-enabled software: Other
Other software: Other
Remediation Summary:Update your copy of the software with the download
available from the supplier.
Applications affected:Flash Player
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Warning Status: Imminent
Potential Damage: Remote execution/modification
Possible Duration: Open Ended
Availability of fix: Available
Type of fix: Patch
Reliability of source: Trusted
CVE: CVE-2007-6242, CVE-2007- 4768, CVE-2007-5275, CVE-2007- 6243,
CVE-2007- 6244, CVE-2007- 6245, CVE-2007-4324, CVE-2007- 6246,
Abstract: Descritpion of critical vulnerabilities that have been
identified in Adobe Flash Player.
Flash Player update available to address security vulnerabilities
Release date: December 18, 2007
Vulnerability identifier: APSB07-20
CVE number: CVE-2007-6242, CVE-2007- 4768, CVE-2007-5275, CVE-2007-
6243, CVE-2007- 6244, CVE-2007- 6245, CVE-2007-4324, CVE-2007- 6246,
Platform: All platforms
Affected software versions: Adobe Flash Player 18.104.22.168 and earlier,
22.214.171.124 and earlier, and 126.96.36.199 and earlier.
Critical vulnerabilities have been identified in Adobe Flash Player that
could allow an attacker who successfully exploits these potential
vulnerabilities to take control of the affected system. A malicious SWF
must be loaded in Flash Player by the user for an attacker to exploit
these potential vulnerabilities. Users are recommended to update to the
most current version of Flash Player available for their platform.
Further detail from
Affected software versions
Adobe Flash Player 188.8.131.52 and earlier, 184.108.40.206 and earlier, and
220.127.116.11 and earlier.
To verify the Adobe Flash Player version number, access the About Flash
Player page, or right-click on Flash content and select "About Adobe (or
Macromedia) Flash Player" from the menu. If you use multiple browsers,
perform the check for each browser you have installed on your system.
Adobe recommends all users of Adobe Flash Player 18.104.22.168 and earlier
versions upgrade to the newest version 22.214.171.124 (Win, Mac, Linux), by
downloading it from the Player Download Center, or by using the
auto-update mechanism within the product when prompted.
Adobe will be providing an update to Adobe Flash Player 126.96.36.199 for
Solaris at a later date. Customers can download and install the Flash
Player public beta, which addresses these vulnerabilities, from the
Adobe Labs site in the meantime.
For customers who cannot upgrade to Adobe Flash Player 9, Adobe has
developed a patched version of Flash Player 7. Please refer to the Flash
Player update TechNote.
Adobe categorizes this as a critical update and recommends affected
users upgrade to version 188.8.131.52 (Win, Mac, Linux).
CPNI values your feedback.
1. Which of the following most reflects the value of the advisory to
(Place an 'X' next to your choice)
Very useful:__ Useful:__ Not useful:__
2. If you did not find it useful, why not?
3. Any other comments? How could we improve our advisories?
Thank you for your contribution.
CSIRTUK wishes to acknowledge the contributions of Adobe for the
contained in this advisory.
This advisory contains information released by the original author. Some
information may have changed since it was released. If the issue affects
it may be prudent to retrieve the advisory from the site of the original
source to ensure that you receive the most current information
Reference to any specific commercial product, process, or service by
name, trademark manufacturer, or otherwise, does not constitute or imply
endorsement, recommendation, or favouring by CPNI. The views and
authors expressed within this notice shall not be used for advertising
product endorsement purposes.
CPNI shall not accept responsibility for any errors or omissions
within this advisory. In particular, they shall not be liable for any
damage whatsoever, arising from or in connection with the usage of
contained within this advisory.
CSIRTUK is a member of the Forum of Incident Response and Security Teams
and has contacts with other international Incident Response Teams (IRTs)
order to foster cooperation and coordination in incident prevention, to
rapid reaction to incidents, and to promote information sharing amongst
members and the community at large.
<End of CPNI Advisory>
The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless in partnership with MessageLabs. (CCTM Certificate Number 2007/11/0032.) On leaving the GSi this email was certified virus free.
Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.