JPCERT-AT-2008-0009
JPCERT/CC
2008-05-28 (First edition)
2008-05-29 (Updated)
<<< JPCERT/CC Alert 2008-05-28 >>>
Vulnerability in Adobe Flash Player
http://www.jpcert.or.jp/at/2008/at080009.txt
I. Overview
*** Update: Revised on May 29, 2008 **********************************
JPCERT-AT-2008-0009 "Zero-day vulnerability in Adobe Flash Player"
issued on May 28, 2008 reported that a zero-day vulnerability existed
in Adobe Flash Player and attacks exploiting this vulnerability had
already occurred. However, a subsequent investigation by Adobe found
that this vulnerability was resolved in Flash Player 9.0.124.0
released on April 8, 2008.
Adobe Product Security Incident Response Team (PSIRT)
Potential Flash Player issue
http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
Currently, exploits targeting this vulnerability are available on
the Internet, and attacks exploiting these are expected to expand in
the future. When a user opens specially crafted Flash content, a
remote attacker can execute arbitrary code on the user's computer.
**********************************************************************
II. Products Affected
*** Update: Revised on May 29, 2008 **********************************
According to Adobe, the following products are affected by this
vulnerability.
Products affected:
Flash Player 9.0.115.0 and earlier
Flash Player 8.0.39.0 and earlier
**********************************************************************
III. Solution
*** Update: Revised on May 29, 2008 **********************************
To solve this vulnerability, update Flash Player to the latest
version. For more information, refer to the following website:
Adobe Flash Player download center
http://www.adobe.com/go/getflash
**********************************************************************
IV. References
*** Update: Added on May 29, 2008 ************************************
Adobe - Security Advisories
APSB08-11: Flash Player update available to address security
vulnerabilities
http://www.adobe.com/support/security/bulletins/apsb08-11.html
US-CERT Technical Cyber Security Alert TA08-149A
Exploitation of Adobe Flash Vulnerability
http://www.us-cert.gov/cas/techalerts/TA08-149A.html
**********************************************************************
JVNVU#395473
Adobe Flash player code execution vulnerability
http://jvn.jp/cert/JVNVU395473/index.html
US-CERT Vulnerability Notes VU#395473
Adobe Flash player code execution vulnerability
http://www.kb.cert.org/vuls/id/395473
Adobe Product Security Incident Response Team (PSIRT)
Potential Flash Player issue
http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
Adobe Flash Player 9
http://www.adobe.com/jp/products/flashplayer/
If you have any information you could provide regarding this alert,
please contact us.
__________
Revision history
2008-05-28 First edition
2008-05-29 Revised the vulnerability overview and the solution based
on the information provided by Adobe. Added references.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
http://www.jpcert.or.jp/
Top