Published: 2009-12-27T13:59+00:00
Last Updated: 2009-12-27T13:59+00:00
JVNTR-2009-28
Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR (TA09-343A)
Overview
Adobe has released Security bulletin APSB09-19, which describes vulnerabilities affecting Adobe Flash Player and Adobe AIR.
Event Information
| Date (UTC) | Description |
| 2009-12-10 |
Adobe APSB09-19: Security updates available for Adobe Flash Player Bulletin updated with link to Flash Player 9 under Solution. |
| 2009-12-09 19:08 |
US-CERT TA09-343A: Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR Via US-CERT Mailing List |
| 2009-12-09 13:03 |
US-CERT Adobe Releases Security Updates for Flash Player and AIR US-CERT Current Activity Adobe has released a security bulletin to address multiple vulnerabilities in Adobe Flash Player 10.0.32.18 and earlier and Adobe AIR1.5.2 and earlier. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. |
| 2009-12-09 03:03 |
JPCERT/CC JPCERT-AT-2009-0026: Vulnerabilities in Adobe Flash Player |
| 2009-12-09 |
SANS Internet Storm Center Adobe flash player and air patched The almost universally installed flash player of adobe has been update to version 10.0.42.34. Adobe air was upgraded as well to version 1.5.3. |
| 2009-12-08 16:26 |
Adobe Security Bulletin - Adobe Flash Player Adobe Product Security Incident Response Team (PSIRT) A Security Bulletin was posted to address critical security issues in Adobe Flash Player. This Security Bulletin affects Flash Player versions 10.0.12.36 and earlier, as well as AIR versions 1.5.2 and earlier. |
| 2009-12-08 16:26 |
Adobe APSB09-19: Security updates available for Adobe Flash Player Adobe recommends users of Adobe Flash Player 10.0.32.18 and earlier versions update to Adobe Flash Player 10.0.42.34. Adobe recommends users of Adobe AIR version 1.5.2 and earlier versions update to Adobe AIR 1.5.3. |
| 2009-12-03 11:02 |
Adobe Pre-Notification - Security Update for Adobe Flash Player Adobe Product Security Incident Response Team (PSIRT) A Security Advisory has been posted in regards to the upcoming Adobe Flash Player update scheduled for December 8, 2009. The update addresses critical security issues in the product. |
| 2009-12-03 11:02 |
Adobe APSB09-19: Security Advisory for Adobe Flash Player Adobe is planning to release an update for Adobe Flash Player 10.0.32.18 and earlier versions, and an update to Adobe AIR 1.5.2 and earlier versions, to resolve critical security issues. Adobe expects to make these updates available on December 8, 2009. |
| 2009-07-14 |
Zero Day Initiative (ZDI) ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability Vulnerability (CVE-2009-3794) Reported The specific flaw exists in the parsing of JPEG dimensions contained within an SWF file. Due to the lack of sanity checking when calculating the frame size of an image it is possible to overflow a heap based buffer. Successful exploitation of this issue can lead to remote system compromise under the credentials of the currently logged in user. |
| 2008-10-15 |
Zero Day Initiative (ZDI) ZDI-09-093: Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability Vulnerability (CVE-2009-3799) Reported The specific flaw exists in the generation of ActionScript exception handlers. In Verifier::parseExceptionHandlers(), a large value for exception_count will result in an integer overflow condition leading to a memory corruption which can be leveraged to execute arbitrary code under the context of the currently logged in user. |