Published: 2008-04-13T21:18+00:00
Last Updated: 2008-05-06T22:57+00:00
TRTA08-100A
Adobe Flash Updates for Multiple Vulnerabilities
Overview
Adobe has released Security advisory APSB08-11 to address multiple vulnerabilities affecting Adobe Flash. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
Event Information
| Date (UTC) | Description |
| 2008-04-09 15:36 |
US-CERT TA08-100A: Adobe Flash Updates for Multiple Vulnerabilities Via US-CERT Mailing List |
| 2008-04-09 11:34 |
US-CERT Adobe Flash Player Vulnerabilities US-CERT Current Activity Adobe has released Flash Player 9.0.124.0 to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code or conduct cross-site scripting attacks. |
| 2008-04-09 00:43 |
SANS Internet Storm Center Critical vulnerabilities in Adobe Flash Player Adobe has released a security bulletin today, APSB08-11, to address multiple vulnerabilities in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, that could lead to the potential execution of arbitrary code remotely. Additionally the update includes DNS rebinding attack and cross-domain policy countermeasures. |
| 2008-04-08 |
IBM Internet Security Systems Adobe Flash Player Invalid Pointer Vulnerability Invalid Pointer Vulnerability (CVE-2007-0071) Adobe Flash Player is vulnerable to a buffer overflow, caused by an integer overflow vulnerability in the processing of multimedia files. By creating a specially-crafted multimedia file and persuading the victim to open the file, a remote attacker could overflow a buffer and execute arbitrary code on the system. |
| 2008-04-08 |
Adobe APSB08-11: Flash Player update available to address security vulnerabilities Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities. It is recommended users update to the most current version of Flash Player available for their operating system. |
| 2008-02-07 |
Zero Day Initiative (ZDI) ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability Invalid Object Use Vulnerability (CVE-2007-6019) Vulnerability Reported This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Flash Player. User interaction is required in that a user must visit a malicious web site. |
| 2007-12-19 |
Secunia Research 2007-103: Adobe Flash Player "Declare Function (V7)" Heap Overflow Invalid Object Use / Declare Function (V7) tag Vulnerability (CVE-2007-6019) Vulnerability Reported |