
The update to Flash Player 10.0.42.34 fixed data injection and integer overflow vulnerabilities, patched a pair of memory corruption bugs, plugged a hole in JPEG image parsing and resolved "multiple crash vulnerabilities," the company's advisory said. It also addressed a bug in the Flash Player ActiveX control for IE that could be used to pilfer information, said Adobe, which credited a Microsoft researcher with reporting the problem.

Yesterday's update was the first for Flash Player since late July. Although Adobe committed earlier this year to releasing security fixes every three months for its Adobe Reader and Adobe Acrobat software, Flash Player remains on an ad hoc schedule.

Even so, Adobe piggybacked the Flash Player security patches with the six updates that Microsoft released the same day for Windows, Internet Explorer (IE) and Office.

Synopsis
The remote host contains a browser plugin that is vulnerable to multiple attack vectors.

Description
The remote host has Adobe Flash Player installed. Versions of Flash Player 9.x earlier than 9.0.289 and 10.x earlier than 10.1.102.64 are potentially affected by multiple vulnerabilities:

- A memory corruption vulnerability exists that could lead to code execution. Note that there are reports that this is being actively exploited in the wild. (CVE-2010-3654)
- An input validation issue exists that could lead to a bypass of cross-domain policy file restrictions with certain server encodings. (CVE-2010-3636)
- A memory corruption vulnerability exists in the ActiveX component. (CVE-2010-3637)
- An unspecified information disclosure vulnerability exists. Note that this issue only affects Flash Player on Safari. (CVE-2010-3638)
- An unspecified issue exists which could lead to a denial-of-service or potentially arbitrary code execution. (CVE-2010-3639)
- Multiple memory corruption issues exist that could lead to arbitrary code execution. (CVE-2010-3639)

Solution
Upgrade to Flash Player 10.1.102.64 / 9.0.289 or later.
