Adobe plugs multi-platform Flash vulns | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

The Perfect (Virtual) Marriage
Deduplication and VMware
Enforce Your Email and Web Acceptable Usage Policies
Not Just Words
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
Search Engine Link Spam
Risks, Threats, Solution
Solution Brief: Reduce Energy Costs
With Green IT Solutions
Eliminating the Security Risk of Sending Confidential Information by Email
Email Encryption

The Register » Security »

Adobe plugs multi-platform Flash vulns

A patch in time...

By John Leyden → More by this author

Published Thursday 20th December 2007 11:19 GMT

Adobe has published an update fixing numerous security vulnerabilities in Adobe Flash.

Earlier versions of Flash prior to 9.0.115.0 on multiple platforms (Mac OS, Linux, Windows) are subject to various security bugs that create the possibility of all sorts of mischief, including cross-site scripting attacks and information disclosure attacks. Denial of service or code injection attacks may also be possible. Several of the issues addressed involve input validation errors, which could allow an attacker to execute arbitrary code after tricking users of vulnerable Flash clients into opening content on maliciously-constructed websites.

Separately Adobe also patched bugs in its GoLive HTML editor. Exploitation of the bugs involves tricking a user into including crafted BMP, DIB, RLE or PNG content into a GoLive document. That's not the easiest exploit scenario but, since the flaws carry the possibility of injecting malicious code onto vulnerable systems, worth guarding against nonetheless. ®

Email Encryption report: Eliminating the Security Risk of Sending Confidential Information by Email

6 comments posted — Comment period finished

Old news?

Posted: 12:42 20th December 2007

Flash oooeeeooo, savour of the universe

Posted: 13:55 20th December 2007

@archie

Posted: 19:17 20th December 2007

surprising

Posted: 01:44 21st December 2007

@archie

Posted: 10:45 21st December 2007

More comments…

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Buggy Flash code continues to plague the web (27 March 2008)
Adobe hands Kevin Lynch keys to CTO door (6 February 2008)
Major HTML update unveiled (22 January 2008)
Stay ahead of Web 2.0 worms (7 January 2008)
Google researcher calls for Flash flush (2 January 2008)
Serious Flash vulns menace at least 10,000 websites (21 December 2007)
With one bound, Apple is free of 54 security bugs (15 November 2007)
We'll beat Microsoft and Sun, says Adobe's chief software architect (18 October 2007)
Flash flaw may prompt Wii to 'hang' (24 July 2007)
Adobe takes on Java and .NET (6 February 2007)
Adobe patches Acrobat, Reader flaws (17 December 2004)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

The Perfect (Virtual) Marriage

Get consistent virtual machine storage savings of 50% (often as high as 90%) with virtually no performance impact with NetApp deduplication..

whitepaper title

Enforce Your Email and Web Acceptable Usage Policies

Unmanaged employee use of email and the web can subject any organization to costly risks. Learn how clearly written Email and Web Acceptable Usage Policies (AUPs) can protect your business.

Whitepapers	Jobs
Gartner Report: How IT Management Can "Green" the Data Center A Modern-Day Marriage of Business Benefit and Risk Reduction The Rising Concerns Over Endpoint Security Server Consolidation and Containment	Perl Consultant Database Administrator and Developer Remove non english characters small perl job Perl/Sybase Programmer Perl Developer Full-time PERL / CGI Programmer for UNIX environment

Top 20 stories • All The Week’s Headlines • Archive • Search