Status Tracking Note TRTA07-192A

Adobe Flash Player Updates for Multiple Vulnerabilities

Overview

There are critical vulnerabilities in Adobe Flash player and related software. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Event Information


Date (UTC)Description
2007-07-16 Bugtraq
Flash Player/Plugin Video file parsing Remote Code Execution POC
Flash Player fails to properly sanitize input (CVE-2007-3456) Proof Of Concept
#Cid: 07162007-flash_flv_9.0.45.0_exp.zip
#Cid: 24856.zip
2007-07-11 23:11 SANS Internet Storm Center
Adobe patches
Like admins have not enough to do on Reboot Wednesday, Adobe joined in the release of patches today:
2007-07-11 20:31 US-CERT
TA07-192A: Adobe Flash Player Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2007-07-11 16:19 US-CERT
Adobe Flash Player Multiple Vulnerabilities
Adobe Systems has released a Security bulletin to address multiple vulnerabilities in their Flash Player, some of which may allow an unauthenticated attacker to execute arbitrary code on an affected system. The Adobe Security bulletin further states that all operating systems with a vulnerable version of Flash Player are affected.
2007-07-11 07:00 JVN
JVN#72595280: Adobe Flash Player insufficiently validates HTTP Referer headers
2007-07-10 Adobe
APSB07-12: Flash Player update available to address security vulnerabilities
Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system.


Date first published (UTC): 2007-07-12T15:12+00:00
Date last updated (UTC): 2007-07-22T19:46+00:00