---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: Adobe Flash Player Domain Sandbox Bypass Vulnerability SECUNIA ADVISORY ID: SA38547 VERIFY ADVISORY: http://secunia.com/advisories/38547/ DESCRIPTION: A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error while enforcing cross-domain restrictions. This can be exploited to bypass domain sandbox limitations and perform unauthorized cross-domain requests. NOTE: An error causing a potential DoS (Denial of Service) has also been reported. SOLUTION: Update to a fixed version. Adobe Flash Player: Update to version 10.0.45.2: http://www.adobe.com/go/getflash Adobe Flash Player (network distribution): Update to version 10.0.45.2: http://www.adobe.com/licensing/distribution Adobe AIR: Update to version 1.5.3.1930: http://get.adobe.com/air Adobe Flash CS4 Professional: Update to version 10.0.45.2: http://www.adobe.com/support/flashplayer/downloads.html#fp10 Adobe Flash CS3 Professional: Update to version 9.0.262: http://www.adobe.com/support/flashplayer/downloads.html#fp9 Adobe Flex 3: http://www.adobe.com/support/flashplayer/downloads.html#fp9 PROVIDED AND/OR DISCOVERED BY: The vendor credits Michael Yong Park. ORIGINAL ADVISORY: http://www.adobe.com/support/security/bulletins/apsb10-06.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------