Adobe has released updated version of their Flash Player. The new version fixes a bunch of vulnerabilities:
- a memory corruption vulnerability that could lead to code execution (CVE-2010-3654). More information
- an input validation issue vulnerability that could lead to a bypass of cross-domain policy file restrictions with certain server encodings (CVE-2010-3636).
- a memory corruption vulnerability that could lead to code execution (ActiveX only) (CVE-2010-3637).
- an information disclosure vulnerability (Macintosh platform, Safari browser only) (CVE-2010-3638).
- a Denial of Service vulnerability. Arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-3639).
- multiple memory corruption vulnerabilities that could lead to code execution:
* (CVE-2010-3640)
* (CVE-2010-3641)
* (CVE-2010-3642)
* (CVE-2010-3643)
* (CVE-2010-3644)
* (CVE-2010-3645)
* (CVE-2010-3646)
* (CVE-2010-3647)
* (CVE-2010-3648)
* (CVE-2010-3649)
* (CVE-2010-3650)
* (CVE-2010-3652)
- a library-loading vulnerability that could lead to code execution (CVE-2010-3976)
Users of Adobe Flash Player 10.1.85.3 and earlier should update to Adobe Flash Player 10.1.102.64. More information can be read from Adobe's security bulletin.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment