GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Wed Oct 04, 2006 10:26 pm Post subject: [ GLSA 200610-02 ] Adobe Flash Player: Arbitrary code execut |
|
|
Gentoo Linux Security Advisory
Title: Adobe Flash Player: Arbitrary code execution (GLSA 200610-02)
Severity: normal
Exploitable: remote
Date: October 04, 2006
Updated: May 28, 2009
Bug(s): #147421
ID: 200610-02
Synopsis
Multiple input validation errors have been identified that allow arbitrary code execution on a user's system via the handling of malicious Flash files.
Background
The Adobe Flash Player is a renderer for Flash files - commonly used to provide interactive websites, digital experiences and mobile content.
Affected Packages
Package: www-plugins/adobe-flash
Vulnerable: < 7.0.68
Unaffected: >= 7.0.68
Architectures: All supported architectures
Description
The Adobe Flash Player contains multiple unspecified vulnerabilities.
Impact
An attacker could entice a user to view a malicious Flash file and execute arbitrary code with the rights of the user running the player.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-7.0.68" |
References
Adobe Security Bulletin
CVE-2006-3311
CVE-2006-3587
CVE-2006-3588
Last edited by GLSA on Fri May 29, 2009 4:17 am; edited 1 time in total |
|