homeofoffice2007professional

Residence Help
Safety advisories Safety bulletin Flash Player update available to address safety vulnerabilities

Release date: October fifteen, 2008

Vulnerability identifier: APSB08-18

CVE range: CVE-2007-6243, CVE-2008-3873, CVE-2007-4324, CVE-2008-4401, CVE-2008-4503

Platform: All Platforms

Summary

Potential vulnerabilities have been recognized in Adobe Flash Player 9.0.124.0 and earlier that might let an attacker who efficiently exploits these possible vulnerabilities to bypass Flash Player safety controls. Adobe suggests consumers update to the most present edition of Flash Player available for their platform. Because of to the chance that these safety enhancements and changes may influence current content material, customers are recommended to critique this Adobe Developer Center article to ascertain if their content material is going to be impacted, and to begin implementing essential changes quickly to assist guarantee a seamless transition.

This update addresses the problem previously documented in Safety Advisory APSA08-08. The Flash Player ten.0.12.36 and Flash Player 9.0.151.0 updates also deal with the problems outlined in Safety Bulletins APSB08-20 and APSB08-22.

Revisions

November 17, 2008 – Bulletin up-to-date with data about the AIR one.5 update and Safety Bulletin APSB08-22
November 5, 2008 – Bulletin up-to-date with data about the Flash Player 9.0.151.0 update
October fifteen, 2008 – Bulletin very first created

Affected software versions

Adobe Flash Player 9.0.124.0 and earlier.

To confirm the Adobe Flash Player edition range, entry the About Flash Player web page, or right-click on Flash content material and pick "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Solution

Adobe suggests all consumers of Adobe Flash Player 9.0.124.0 and earlier versions upgrade to the newest edition ten.0.12.36 by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted.

For consumers who cannot update to Flash Player ten, Adobe has developed a patched edition of Flash Player 9, Flash Player 9.0.151.0, which can be downloaded from the following link.

Severity rating

Adobe categorizes this as a critical update and suggests impacted consumers upgrade to edition ten.0.12.36.

Details

Due to the chance that these safety enhancements and changes may influence current content material, customers are recommended to critique this Adobe Developer Connection article to ascertain if their content material is going to be impacted, and to begin implementing essential changes quickly to assist guarantee a seamless transition.

The Flash Player ten.0.12.36 and Flash Player 9.0.151.0 updates also deal with the problems outlined in Safety Bulletins APSB08-20 and APSB08-22.

This update addresses a possible ‘Clickjacking’ concern in Flash Player. Clickjacking is an concern in multiple web browsers that might let an attacker to lure a web browser user into unknowingly clicking on a link or dialog. This update helps prevent a Clickjacking attack on a Flash Player user’s camera and microphone. (CVE-2008-4503)

This update includes further changes to enhance Flash Player’s interpretation of cross-domain policy files. These changes could aid prevent privilege escalation attacks against web servers hosting Flash content material and cross-domain policy files. For more data, see the following section of the “Adobe Flash Player ten Safety Changes” Adobe Developer Connection article. (CVE-2007-6243)

This update introduces functionality to further mitigate a possible port-scanning concern. For more data, see the following Adobe Developer Connection article. (CVE-2007-4324)

This update introduces changes to the Clipboard API that will prevent possible ‘Clipboard attacks’. For more data, see the following section of the "Adobe Flash Player ten Safety Changes" Adobe Developer Center article. (CVE-2008-3873)

This update introduces changes to the FileReference upload and download APIs to require user interaction. For more data, see the following section of the “Adobe Flash Player ten Safety Changes” Adobe Developer Connection article. (CVE-2008-4401)

Affected software

Recommended participant update

Availability

Flash Player 9.0.124.0 and earlier

10.0.12.36

Player Download Center

Flash Player 9.0.124.0 and earlier – network distribution

10.0.12.36

Player Licensing

Flash Player 9.0.124.0 and earlier for Linux

10.0.12.36

Player Download Center

AIR one.1

AIR one.5

AIR Download Center

Flash CS4 Professional

10.0.12.36

Adobe Flash Player ten Update for Flash CS4 Professional

Flex 3

10.0.12.36

Flash Debug Player Updater

 

Acknowledgments

Adobe would like to thank Robert Hansen of SecTheory and Jeremiah Grossman of WhiteHat Safety, Eduardo Vela, Matthew Mastracci of DotSpots, and Liu Die Yu of TopsecTianRongXin for reporting the Clickjacking vulnerability and for working with us to assist protect our customers’ safety. (CVE-2008-4503)

Adobe would like to thank fukami of SektionEins for reporting the port-scanning concern. (CVE-2007-4324)

Tags: Office 2007 Keygen, Office Professional 2010, Windows 7 Professional