Status Tracking Note TRTA08-100A

Adobe Flash Updates for Multiple Vulnerabilities

Overview

Adobe has released Security advisory APSB08-11 to address multiple vulnerabilities affecting Adobe Flash. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
Event Information


Date (UTC)Description
2008-04-09 15:36 US-CERT
TA08-100A: Adobe Flash Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2008-04-09 11:34 US-CERT
Adobe Flash Player Vulnerabilities
US-CERT Current Activity
Adobe has released Flash Player 9.0.124.0 to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code or conduct cross-site scripting attacks.
2008-04-09 00:43 SANS Internet Storm Center
Critical vulnerabilities in Adobe Flash Player
Adobe has released a security bulletin today, APSB08-11, to address multiple vulnerabilities in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, that could lead to the potential execution of arbitrary code remotely. Additionally the update includes DNS rebinding attack and cross-domain policy countermeasures.
2008-04-08 IBM Internet Security Systems
Adobe Flash Player Invalid Pointer Vulnerability
Invalid Pointer Vulnerability (CVE-2007-0071)
Adobe Flash Player is vulnerable to a buffer overflow, caused by an integer overflow vulnerability in the processing of multimedia files. By creating a specially-crafted multimedia file and persuading the victim to open the file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
2008-04-08 Adobe
APSB08-11: Flash Player update available to address security vulnerabilities
Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities. It is recommended users update to the most current version of Flash Player available for their operating system.
2008-02-07 Zero Day Initiative (ZDI)
ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability
Invalid Object Use Vulnerability (CVE-2007-6019)
Vulnerability Reported
This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Flash Player. User interaction is required in that a user must visit a malicious web site.
2007-12-19 Secunia Research
2007-103: Adobe Flash Player "Declare Function (V7)" Heap Overflow
Invalid Object Use / Declare Function (V7) tag Vulnerability (CVE-2007-6019)
Vulnerability Reported


Date first published (UTC): 2008-04-13T21:18+00:00
Date last updated (UTC): 2008-05-06T22:57+00:00
Valid HTML 4.01!