---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Adobe Flash Player Multiple Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA21865 VERIFY ADVISORY: http://secunia.com/advisories/21865/ CRITICAL: Highly critical IMPACT: Security Bypass, System access WHERE: >From remote SOFTWARE: Macromedia Flash 8.x http://secunia.com/product/7024/ Macromedia Flash MX 2004 http://secunia.com/product/3192/ Macromedia Flash MX Professional 2004 http://secunia.com/product/3191/ Macromedia Flash Player 7.x http://secunia.com/product/2634/ Macromedia Flash Player 8.x http://secunia.com/product/6153/ Macromedia Flex 1.x http://secunia.com/product/5246/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions or compromise a user's system. 1) Various unspecified input validation errors may allow arbitrary code execution when e.g. visiting a malicious website. 2) An unspecified error can be exploited to bypass the "allowScriptAccess" option. 3) Unspecified errors exist in the way the ActiveX control is invoked by Microsoft Office products on Windows. SOLUTION: Update to version 9.0.16.0 or another fixed version (see the vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for reporting one of the vulnerabilities. 2) Reported by the vendor. 3) Reported by the vendor. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb06-11.html OTHER REFERENCES: Microsoft: http://www.microsoft.com/technet/security/advisory/925143.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------