Friday, November 5, 2010

Flash Player Security Update

Adobe has released updated version of their Flash Player. The new version fixes a bunch of vulnerabilities:
- a memory corruption vulnerability that could lead to code execution (CVE-2010-3654). More information

- an input validation issue vulnerability that could lead to a bypass of cross-domain policy file restrictions with certain server encodings (CVE-2010-3636).

- a memory corruption vulnerability that could lead to code execution (ActiveX only) (CVE-2010-3637).

- an information disclosure vulnerability (Macintosh platform, Safari browser only) (CVE-2010-3638).

- a Denial of Service vulnerability. Arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-3639).

- multiple memory corruption vulnerabilities that could lead to code execution:
* (CVE-2010-3640)
* (CVE-2010-3641)
* (CVE-2010-3642)
* (CVE-2010-3643)
* (CVE-2010-3644)
* (CVE-2010-3645)
* (CVE-2010-3646)
* (CVE-2010-3647)
* (CVE-2010-3648)
* (CVE-2010-3649)
* (CVE-2010-3650)
* (CVE-2010-3652)

- a library-loading vulnerability that could lead to code execution (CVE-2010-3976)



Users of Adobe Flash Player 10.1.85.3 and earlier should update to Adobe Flash Player 10.1.102.64. More information can be read from Adobe's security bulletin.

No comments: