Published: 2009-12-27T13:59+00:00    Last Updated: 2009-12-27T13:59+00:00

JVNTR-2009-28
Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR (TA09-343A)

Overview

Adobe has released Security bulletin APSB09-19, which describes vulnerabilities affecting Adobe Flash Player and Adobe AIR.

Event Information


Date (UTC)Description
2009-12-10 Adobe
APSB09-19: Security updates available for Adobe Flash Player
Bulletin updated with link to Flash Player 9 under Solution.
2009-12-09 19:08 US-CERT
TA09-343A: Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR
Via US-CERT Mailing List
2009-12-09 13:03 US-CERT
Adobe Releases Security Updates for Flash Player and AIR
US-CERT Current Activity
Adobe has released a security bulletin to address multiple vulnerabilities in Adobe Flash Player 10.0.32.18 and earlier and Adobe AIR1.5.2 and earlier. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.
2009-12-09 03:03 JPCERT/CC
JPCERT-AT-2009-0026: Vulnerabilities in Adobe Flash Player
2009-12-09 SANS Internet Storm Center
Adobe flash player and air patched
The almost universally installed flash player of adobe has been update to version 10.0.42.34. Adobe air was upgraded as well to version 1.5.3.
2009-12-08 16:26 Adobe
Security Bulletin - Adobe Flash Player
Adobe Product Security Incident Response Team (PSIRT)
A Security Bulletin was posted to address critical security issues in Adobe Flash Player. This Security Bulletin affects Flash Player versions 10.0.12.36 and earlier, as well as AIR versions 1.5.2 and earlier.
2009-12-08 16:26 Adobe
APSB09-19: Security updates available for Adobe Flash Player
Adobe recommends users of Adobe Flash Player 10.0.32.18 and earlier versions update to Adobe Flash Player 10.0.42.34. Adobe recommends users of Adobe AIR version 1.5.2 and earlier versions update to Adobe AIR 1.5.3.
2009-12-03 11:02 Adobe
Pre-Notification - Security Update for Adobe Flash Player
Adobe Product Security Incident Response Team (PSIRT)
A Security Advisory has been posted in regards to the upcoming Adobe Flash Player update scheduled for December 8, 2009. The update addresses critical security issues in the product.
2009-12-03 11:02 Adobe
APSB09-19: Security Advisory for Adobe Flash Player
Adobe is planning to release an update for Adobe Flash Player 10.0.32.18 and earlier versions, and an update to Adobe AIR 1.5.2 and earlier versions, to resolve critical security issues. Adobe expects to make these updates available on December 8, 2009.
2009-07-14 Zero Day Initiative (ZDI)
ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability
Vulnerability (CVE-2009-3794) Reported
The specific flaw exists in the parsing of JPEG dimensions contained within an SWF file. Due to the lack of sanity checking when calculating the frame size of an image it is possible to overflow a heap based buffer. Successful exploitation of this issue can lead to remote system compromise under the credentials of the currently logged in user.
2008-10-15 Zero Day Initiative (ZDI)
ZDI-09-093: Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability
Vulnerability (CVE-2009-3799) Reported
The specific flaw exists in the generation of ActionScript exception handlers. In Verifier::parseExceptionHandlers(), a large value for exception_count will result in an integer overflow condition leading to a memory corruption which can be leveraged to execute arbitrary code under the context of the currently logged in user.