Macromedia Flash Server - US-CERT Technical Cyber Security Alert TA06-075A --


Author US-CERT Technical Cyber Security Alert TA06-075A --
Copeland, Adam

2006-03-17, 5:45 pm

Good stuff...
-------------

National Cyber Alert System

Technical Cyber Security Alert TA06-075A


Adobe Macromedia Flash Products Contain Vulnerabilities

Original release date: March 16, 2006
Last revised: --
Source: US-CERT


Systems Affected

Microsoft Windows, Apple Mac OS X, Linux, Solaris, or other operating
systems with any of the following Adobe Macromedia products installed:
* Flash Player 8.0.22.0 and earlier
* Flash Professional 8
* Flash Basic
* Flash MX 2004
* Flash Debug Player 7.0.14.0 and earlier
* Flex 1.5
* Breeze Meeting Add-In 5.1 and earlier
* Adobe Macromedia Shockwave Player 10.1.0.11 and earlier

For more complete information, refer to Adobe Security Bulletin
APSB06-03.


Overview

There are critical vulnerabilities in Macromedia Flash player and
related software. Exploitation of these vulnerabilities could allow a
remote, unauthenticated attacker to execute arbitrary code or cause a
denial of service on a vulnerable system.


I. Description

Adobe Security Bulletin APSB06-03 addresses vulnerabilities in
Macromedia Flash Player and related software. Further information is
available in the following US-CERT Vulnerability Note:

VU#945060 - Adobe Macromedia Flash products contain multiple
vulnerabilities

Several vulnerabilities in Adobe Macromedia Flash products may allow a
remote attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-0024)

Several operating systems, including Microsoft Windows (see Microsoft
Security Advisory 916208), have vulnerable versions of Flash installed
by default. Systems with Flash-enabled web browsers are vulnerable. An
attacker could host a specially crafted Flash file on a web site and
convince a user to visit the site.


II. Impact

A remote, unauthenticated attacker could execute arbitrary code with
the privileges of the user. If the user is logged on with
administrative privileges, the attacker could take complete control of
an affected system. An attacker may also be able to cause a denial of
service.


III. Solution

Apply Updates

Adobe has provided the updates for these vulnerabilities in APSB06-03.

Disable Flash

Please see Microsoft Security Advisory 916208 for instructions on how
to disable Flash on Microsoft Windows. For other operating systems and
web browsers, please contact the appropriate vendor.


Appendix A. References

* Macromedia - APSB06-03: Flash Player Update to Address Security
Vulnerabilities -
<http://www.macromedia.com/devnet/se..._zone/apsb06-03.html>

* US-CERT Vulnerability Note VU#945060 -
<http://www.kb.cert.org/vuls/id/945060>

* CVE-2006-0024 -
<http://cve.mitre.org/cgi-bin/cvenam...3DCVE-2006-0024>

* Microsoft Security Advisory (916208) -
<http://www.microsoft.com/technet/se...ory/916208.mspx>


____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA06-075A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert-etTNj8cnB6w@public.gmane.org> with "TA06-075A Feedback VU#945060" in the
subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________


Revision History

Mar 16, 2006: Initial release

