Published: 2010-01-20T13:19+00:00    Last Updated: 2010-01-20T13:19+00:00

JVNTR-2010-02
Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities (TA10-012B)

Overview

Microsoft has released updates to address a vulnerability in the Windows Embedded Open Type (EOT) font engine. Microsoft has also published an Advisory about multiple vulnerabilities in Adobe (Macromedia) Flash Player 6 that is included with Windows XP.

Event Information


Date (UTC)Description
2010-01-19 21:16 Symantec
ThreatCON (2) => (2)
The ThreatCon is at level 2. Microsoft has released a security advisory and mitigation for a new unpatched vulnerability affecting Internet Explorer.
2010-01-13 06:54 Microsoft
ms10-jan: Microsoft Security Bulletin Summary for January 2010
Included in this advisory are updates for newly discovered vulnerabilities.
2010-01-13 02:55 JPCERT/CC
JPCERT-AT-2010-0002: January 2010 Microsoft Security Bulletin
2010-01-13 01:33 Microsoft
Microsoft Security Advisory (979267): Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP Could Allow Remote Code Execution
Microsoft is aware of reports of vulnerabilities in Adobe Flash Player 6 provided in Windows XP.
2010-01-12 23:27 US-CERT
TA10-012B: Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities
Via US-CERT Mailing List
2010-01-12 21:16 SANS Internet Storm Center
Microsoft Advices XP Users to Uninstall Flash Player 6
As part of today's bulletin release, Microsoft advices users of Windows XP to uninstall Flash Player 6 which is installed with Windows XP. Affected users should upgrade to the latest version or Flash Player which is available for download from Adobe.
2010-01-12 19:48 SANS Internet Storm Center
Microsoft Security Bulletin: January 2010
Overview of the January 2010 Microsoft patch and status.
2010-01-12 18:07 US-CERT
Microsoft Releases January Security Bulletin
US-CERT Current Activity
Microsoft has released an update to address a vulnerability in Microsoft Windows in its Microsoft Security Bulletin Summary for January 2010.
2010-01-12 12:27 Adobe
Microsoft Security Advisory (979267)
Adobe Product Security Incident Response Team (PSIRT)
2010-01-07 19:23 Microsoft
ms10-jan: Microsoft Security Bulletin Advance Notification for January 2010
Included in this advisory are updates for newly discovered vulnerabilities.
2007-10-18 Secunia Research
2007-77: Microsoft Windows Flash Player Movie Unloading Vulnerability
Vulnerability Reported
The vulnerability is caused by a use-after-free error in the bundled version of Flash Player when unloading Flash objects while these are still being accessed using script code. This can be exploited to corrupt memory via a specially crafted web page.


Other Information

CVE