TITLE:
Adobe Flash Media Server Edge Server Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA28946

VERIFY ADVISORY:
http://secunia.com/advisories/28946/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Macromedia Flash Media Server 2.x
http://secunia.com/product/6480/

DESCRIPTION:
Some vulnerabilities have been reported in Adobe Flash Media Server,
which can be exploited by malicious people to compromise a vulnerable
system.

1) Integer overflow errors in the Edge Server component when parsing
RTMP (Real Time Message Protocol) messages can be exploited to cause a
heap-based buffer overflow via specially crafted packets sent to
default ports 1935/TCP or 19350/TCP.

2) An error in the Edge Server component when parsing RTMP messages
can be exploited to cause memory corruption by sending a certain
sequence of requests.

Successful exploitation of the vulnerabilities allows execution of
arbitrary code.

The vulnerabilities affect versions 2.0.4 and prior.

SOLUTION:
Update to version 2.0.5.
http://www.adobe.com/support/flashmediaserver/downloads_updaters.html

PROVIDED AND/OR DISCOVERED BY:
1) Sebastian Apelt, reported via iDefense Labs
2) Sean Larsson, iDefense Labs

ORIGINAL ADVISORY:
APSB08-03:
http://www.adobe.com/support/security/bulletins/apsb08-03.html

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=662
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=663

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
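
Added example (not part of the Secunia advisory and not Adobe's code): item 1 of the description names an integer overflow during message parsing that leads to a heap-based buffer overflow. The C code below shows that bug class on a hypothetical length-prefixed message, next to the size check that rejects it; the wire format and the names alloc_size_unchecked, alloc_size_checked and parse_message are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wire format, constructed for this example (not RTMP's real
 * layout): 4-byte big-endian item count, then count * ITEM_SIZE bytes. */
#define HDR_SIZE  4u
#define ITEM_SIZE 16u

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed pattern: the 32-bit product wraps, so a huge count yields a tiny
 * allocation size while later code still trusts count. */
uint32_t alloc_size_unchecked(uint32_t count) {
    return count * ITEM_SIZE;
}

/* Hardened: reject counts whose product overflows or exceeds the bytes
 * actually received. Returns 0 and sets *out on success, -1 otherwise. */
int alloc_size_checked(uint32_t count, size_t avail, size_t *out) {
    if (count > UINT32_MAX / ITEM_SIZE) return -1;
    size_t need = (size_t)count * ITEM_SIZE;
    if (need > avail) return -1;
    *out = need;
    return 0;
}

/* Copies the payload to the heap, or returns NULL if the header is rejected. */
uint8_t *parse_message(const uint8_t *buf, size_t len, size_t *payload_len) {
    size_t need;
    if (len < HDR_SIZE) return NULL;
    if (alloc_size_checked(read_be32(buf), len - HDR_SIZE, &need) != 0) return NULL;
    uint8_t *items = malloc(need ? need : 1);
    if (items == NULL) return NULL;
    memcpy(items, buf + HDR_SIZE, need);
    *payload_len = need;
    return items;
}

int main(void) {
    uint8_t bad[20] = {0x10, 0x00, 0x00, 0x01};  /* constructed: count = 0x10000001 */
    size_t n = 0;
    printf("unchecked size: %u\n", (unsigned)alloc_size_unchecked(0x10000001u));
    printf("checked parser: %s\n", parse_message(bad, sizeof bad, &n) ? "accepted" : "rejected");
    return 0;
}
```

The unchecked multiply turns a count of 0x10000001 into a 16-byte allocation size; the checked path validates the count against both the 32-bit range and the bytes actually received before allocating.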