
Vulnerability in Adobe Flash Player (Updated)




                                                   JPCERT-AT-2008-0009
                                                             JPCERT/CC
                                            2008-05-28 (First edition)
                                                  2008-05-29 (Updated)

                  <<< JPCERT/CC Alert 2008-05-28 >>>

                 Vulnerability in Adobe Flash Player

             http://www.jpcert.or.jp/at/2008/at080009.txt

I. Overview

*** Update: Revised on May 29, 2008 **********************************

  JPCERT-AT-2008-0009 "Zero-day vulnerability in Adobe Flash Player"
issued on May 28, 2008 reported that a zero-day vulnerability existed
in Adobe Flash Player and attacks exploiting this vulnerability had
already occurred. However, a subsequent investigation by Adobe found
that this vulnerability was resolved in Flash Player 9.0.124.0
released on April 8, 2008.

  Adobe Product Security Incident Response Team (PSIRT)
  Potential Flash Player issue
  http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html

  Exploits targeting this vulnerability are currently available on
the Internet, and attacks using them are expected to increase. When a
user opens specially crafted Flash content, a remote attacker can
execute arbitrary code on the user's computer.

**********************************************************************

II. Products Affected

*** Update: Revised on May 29, 2008 **********************************

  According to Adobe, the following products are affected by this
vulnerability.

  Products affected:
  Flash Player 9.0.115.0 and earlier
  Flash Player 8.0.39.0 and earlier

**********************************************************************
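
The following is an added example, not part of the JPCERT/CC alert or of any Adobe tooling: a small inventory check that flags hosts whose Flash Player version falls in the affected ranges listed above. It assumes the two ranges are read per release branch, that versions may be reported either dotted or in the comma form "WIN 9,0,115,0", and it uses a constructed sample inventory with hypothetical host names.

```python
import re

# Upper bound of each affected range, as listed in the advisory.
# Assumption: the two entries are read per release branch (9.x and 8.x).
AFFECTED_MAX = {9: (9, 0, 115, 0), 8: (8, 0, 39, 0)}

# Constructed sample inventory: "host,reported version string".
SAMPLE_INVENTORY = """\
ws-01,WIN 9,0,115,0
ws-02,9.0.124.0
ws-03,9.0.47.0
ws-04,8.0.39.0
ws-05,WIN 7,0,19,0
ws-06,not installed
"""

def parse_version(text):
    """Return (major, minor, build, rev) from '9.0.115.0' or 'WIN 9,0,115,0'."""
    m = re.search(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", text)
    if m is None:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(text):
    """True if the version is inside a range the advisory lists as affected."""
    version = parse_version(text)
    if version[0] < 8:
        return True  # older than 8.0.39.0, so covered by "and earlier"
    bound = AFFECTED_MAX.get(version[0])
    # Compare as integer tuples: as strings, "9.0.47.0" sorts after "9.0.115.0".
    return bound is not None and version <= bound

def triage(inventory):
    """Classify each host as 'affected', 'not listed' or 'unparsed'."""
    result = {}
    for line in inventory.splitlines():
        host, _, reported = line.partition(",")
        try:
            result[host] = "affected" if is_affected(reported) else "not listed"
        except ValueError:
            result[host] = "unparsed"
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(host, status)
```

"not listed" only means the version is outside the ranges in this alert; "unparsed" records need manual review rather than being treated as unaffected.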

III. Solution

*** Update: Revised on May 29, 2008 **********************************

  To resolve this vulnerability, update Flash Player to the latest
version. For more information, refer to the following website:

  Adobe Flash Player download center
  http://www.adobe.com/go/getflash

**********************************************************************


IV. References

*** Update: Added on May 29, 2008 ************************************

    Adobe - Security Advisories
    APSB08-11: Flash Player update available to address security
      vulnerabilities
    http://www.adobe.com/support/security/bulletins/apsb08-11.html

    US-CERT Technical Cyber Security Alert TA08-149A
    Exploitation of Adobe Flash Vulnerability
    http://www.us-cert.gov/cas/techalerts/TA08-149A.html

**********************************************************************

    JVNVU#395473
    Adobe Flash player code execution vulnerability
    http://jvn.jp/cert/JVNVU395473/index.html

    US-CERT Vulnerability Notes VU#395473
    Adobe Flash player code execution vulnerability
    http://www.kb.cert.org/vuls/id/395473

    Adobe Product Security Incident Response Team (PSIRT)
    Potential Flash Player issue
    http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html

    Adobe Flash Player 9
    http://www.adobe.com/jp/products/flashplayer/



  If you have any information you could provide regarding this alert,
please contact us.

__________

Revision history
2008-05-28 First edition
2008-05-29 Revised the vulnerability overview and the solution based
           on the information provided by Adobe. Added references.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602
http://www.jpcert.or.jp/