1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content




Adobe Flash Player remote code execution vulnerability

Report ID: SA200900917
Source: F-Secure
Date of Discovery: 25.02.2009
Criticality: Urgent
Affects:
Adobe Flash Player 10.x
Adobe Flash Player 9.x

Compromise From: From remote
Compromise Type: Remote code execution
System access

Summary

A vulnerability has been reported in Adobe Flash Player 10.0.12.36 and earlier which can allow attackers to take the complete control of the affected machine.

Detailed Description

An attacker can exploit this vulnerability when a specially crafted SWF file is loaded in Flash Player by the user. This vulnerability is due to the improper handling of SWF file by Flash Player. Adobe recommends users update to the most current version of Flash Player available for their platform

Solution

-- Adobe Flash Player 9.x --
Update to version 9.0.159.0:
www.adobe.com/go/kb406791

-- Adobe Flash Player 10.x --
Update to version 10.0.22.87:
www.adobe.com/go/getflashplayer

 

Original Reference

-