Welcome to PetForums

Join thousands of other pet owners and pet lovers on the UK's most popular and friendly pet community and discussion forum.

Sign Up

Adobe Flash Player and Adobe Reader Security Alert

Discussion in 'General Chat' started by testmg80, Jul 24, 2009.


  1. testmg80

    testmg80 PetForums VIP

    Joined:
    Jul 29, 2008
    Messages:
    1,441
    Likes Received:
    31
    From: US-CERT Technical Alerts <[email protected]>

    To: [email protected] <[email protected]>

    Subject: US-CERT Technical Cyber Security Alert TA09-204A -- Adobe Flash Vulnerability Affects Flash Player and Other Adobe Products


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1


    National Cyber Alert System

    Technical Cyber Security Alert TA09-204A


    Adobe Flash Vulnerability Affects Flash Player and Other Adobe Products

    Original release date: July 23, 2009
    Last revised: --
    Source: US-CERT


    Systems Affected

    * Adobe Flash Player 10.0.22.87 and earlier 10.x versions
    * Adobe Flash Player 9.0.159.0 and earlier 9.x versions
    * Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions


    Overview

    Adobe has released Security advisory APSA09-03, which describes a
    vulnerability affecting Adobe Flash. Other Adobe applications that
    include the Flash runtime, such as Adobe Reader 9, are also
    affected.


    I. Description

    Adobe Security Advisory APSA09-03 describes a vulnerability
    affecting the Adobe Flash player. Flash player version 10.0.22.87
    and earlier 10.x versions as well as Flash player version 9.0.159.0
    and earlier 9.x versions are affected.

    An attacker could exploit this vulnerability by convincing a user
    to visit a website that hosts a specially crafted SWF file. The
    Adobe Flash browser plugin is available for multiple web browsers
    and operating systems, any of which could be affected. An attacker
    could also create a PDF document that has an embedded SWF file to
    exploit the vulnerability.

    This vulnerability is being actively exploited.


    II. Impact

    This vulnerability allows a remote attacker to execute arbitrary
    code as the result of a user viewing a web page or opening a PDF
    document.


    III. Solution

    These vulnerabilities can be mitigated by disabling the Flash
    plugin or by using the NoScript extension for Mozilla Firefox or
    SeaMonkey to whitelist websites that can access the Flash plugin.
    For more information about securely configuring web browsers,
    please see the Securing Your Web Browser document. US-CERT
    Vulnerability Note VU#259425 has additional details, as well as
    information about mitigating the PDF document attack vector.

    Thanks to Department of Defense Cyber Crime Center/DCISE for
    information used in this document.


    IV. References

    * Vulnerability Note VU#259425 -
    <http://www.kb.cert.org/vuls/id/259425>

    * Security advisory for Adobe Reader, Acrobat and Flash Player -
    <http://www.adobe.com/support/security/advisories/apsa09-03.html>

    * Securing Your Web Browser -
    <http://www.us-cert.gov/reading_room/securing_browser/>

    * NoScript - <https://addons.mozilla.org/addon/722>

    ____________________________________________________________________

    The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA09-204A.html>
    ____________________________________________________________________

    Feedback can be directed to US-CERT Technical Staff. Please send
    email to <[email protected]> with "TA09-204A Feedback VU#259425" in
    the subject.
    ____________________________________________________________________

    For instructions on subscribing to or unsubscribing from this
    mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
    ____________________________________________________________________

    Produced 2009 by US-CERT, a government organization.

    Terms of use:

    <http://www.us-cert.gov/legal.html>
    ____________________________________________________________________

    Revision History

    July 23, 2009: Initial release


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.5 (GNU/Linux)

    iQEVAwUBSminMXIHljM+H4irAQJL/Af+OIfCigCk+Fq8RRD5OgNDE/hHMOLaTw9E
    PX03+Om4N7tMTuuQvrTBhnZeZANGJwevmVwRGrsQ84PgRLwnEJAd6+MIm44zN4CS
    hq5G1yQfC8dTBeYGDwrxWmMDFKZaLMapIqtdEfUxUMxUEJcm4q2slcl82n3/VRGN
    wp7issDRg2uDuQQ5G5pLlHS8JchndHWbmFTt501XV0LGf7NiHAYq4hQ650AuVbJK
    o2u/LM6OGbFf1NYSfRSSPo0TzQ5D31BEjPnkcZWtvOykJM42cvLppCVg2fnCqgrc
    4jnhTtdxn9RUKVeLHeEpC0dWMrOTvqnu2BSc92XNAHpryts8fbp/ew==
    =8pdb
    -----END PGP SIGNATURE-----
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice