[SA27105] Microsoft Windows Flash Player Multiple Vulnerabilities

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Wed Jan 13 2010 - 19:57:14 CST


----------------------------------------------------------------------


TITLE:
Microsoft Windows Flash Player Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA27105

VERIFY ADVISORY:
http://secunia.com/advisories/27105/

DESCRIPTION:
Secunia Research has discovered a vulnerability in Windows XP, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a use-after-free error in the
bundled version of Flash Player when Flash objects are unloaded
while they are still being accessed by script code. This can be
exploited to corrupt memory via a specially crafted web page.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in Flash Player bundled with a fully
patched Windows XP SP2 and is also confirmed in an old version 6.0.79
of Adobe Flash Player.

NOTE: The version of Flash Player bundled with Windows XP is also
affected by a number of other vulnerabilities previously disclosed
and fixed in later versions of Adobe Flash Player.

SOLUTION:
Uninstall the bundled version of Flash Player and optionally install
the latest supported version of Flash Player from Adobe.

PROVIDED AND/OR DISCOVERED BY:
Carsten Eiram and Dyon Balding, Secunia Research.

The vendor also credits:
* Will Dormann of CERT/CC.
* TippingPoint and the Zero Day Initiative.

CHANGELOG:
2010-01-13: Added link to US-CERT and Microsoft advisories. Updated
credits.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2007-77/

Microsoft:
http://www.microsoft.com/technet/security/advisory/979267.mspx

US-CERT VU#204889:
http://www.kb.cert.org/vuls/id/204889

OTHER REFERENCES:
How to remove the Flash Player ActiveX control:
http://kb2.adobe.com/cps/127/tn_12727.html

How to uninstall the Adobe Flash Player plug-in and ActiveX control:
http://kb2.adobe.com/cps/141/tn_14157.html
