Status Tracking Note JVNTR-2010-02

Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities (TA10-012B)

Microsoft has released updates to address a vulnerability in the Windows Embedded Open Type (EOT) font engine. Microsoft has also published an Advisory about multiple vulnerabilities in Adobe (Macromedia) Flash Player 6 that is included with Windows XP.

Event Information

Date (UTC)	Description
2010-01-19 21:16	Symantec ThreatCON (2) => (2) The ThreatCon is at level 2. Microsoft has released a security advisory and mitigation for a new unpatched vulnerability affecting Internet Explorer.
2010-01-13 06:54	Microsoft ms10-jan: Microsoft Security Bulletin Summary for January 2010 Included in this advisory are updates for newly discovered vulnerabilities.
2010-01-13 02:55	JPCERT/CC JPCERT-AT-2010-0002: January 2010 Microsoft Security Bulletin
2010-01-13 01:33	Microsoft Microsoft Security Advisory (979267): Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP Could Allow Remote Code Execution Microsoft is aware of reports of vulnerabilities in Adobe Flash Player 6 provided in Windows XP.
2010-01-12 23:27	US-CERT TA10-012B: Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities Via US-CERT Mailing List
2010-01-12 21:16	SANS Internet Storm Center Microsoft Advices XP Users to Uninstall Flash Player 6 As part of today's bulletin release, Microsoft advices users of Windows XP to uninstall Flash Player 6 which is installed with Windows XP. Affected users should upgrade to the latest version or Flash Player which is available for download from Adobe.
2010-01-12 19:48	SANS Internet Storm Center Microsoft Security Bulletin: January 2010 Overview of the January 2010 Microsoft patch and status.
2010-01-12 18:07	US-CERT Microsoft Releases January Security Bulletin US-CERT Current Activity Microsoft has released an update to address a vulnerability in Microsoft Windows in its Microsoft Security Bulletin Summary for January 2010.
2010-01-12 12:27	Adobe Microsoft Security Advisory (979267) Adobe Product Security Incident Response Team (PSIRT)
2010-01-07 19:23	Microsoft ms10-jan: Microsoft Security Bulletin Advance Notification for January 2010 Included in this advisory are updates for newly discovered vulnerabilities.
2007-10-18	Secunia Research 2007-77: Microsoft Windows Flash Player Movie Unloading Vulnerability Vulnerability Reported The vulnerability is caused by a use-after-free error in the bundled version of Flash Player when unloading Flash objects while these are still being accessed using script code. This can be exploited to corrupt memory via a specially crafted web page.

Reference


Date first published (UTC):	2010-01-20T13:19+00:00
Date last updated (UTC):	2010-01-20T13:19+00:00