LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Adobe Flash Player Multiple Unspecified Vulnerabilities (Highly Critical) (http://www.linuxquestions.org/questions/linux-security-4/adobe-flash-player-multiple-unspecified-vulnerabilities-highly-critical-482928/)

win32sux 09-12-2006 10:17 PM

Adobe Flash Player Multiple Unspecified Vulnerabilities (Highly Critical)
 
Quote:

Description:
Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions or compromise a user's system.

1) Various unspecified input validation errors may allow arbitrary code execution when e.g. visiting a malicious website.

2) An unspecified error can be exploited to bypass the "allowScriptAccess" option.

3) [...]

Solution:
Update to [...] fixed version (see the vendor advisory for details).
Secunia Advisory

NOTE: You can get the latest GNU/Linux version (7.x) here.

win32sux 09-13-2006 08:18 AM

Proof-Of-Concept Has Been Produced
 
Quote:

Computer Terrorism (UK) can confirm the un-disclosed production of a reliable multi-platform & multi-browser Web based Proof-Of-Concept (PoC). Such an exploit could be used in a web-based attack scenario, where unsuspecting users are lured to a maliciously constructed website.
More info at: Computer Terrorism (UK).

unSpawn 09-13-2006 09:48 AM

Good to know. I was wondering about PoC existence when you posted this yesterday.


All times are GMT -5. The time now is 11:14 PM.