Alert GCSA-07129 Vulnerabilities in Adobe Flash Player
************************************************************************
Alert ID : GCSA-07129
Date : 20 December 2007
Title : Vulnerabilities in Adobe Flash Player
************************************************************************
:: Problem description
Several vulnerabilities have been identified in Adobe Flash Player
that could allow an attacker to take control of the affected
systems.
For a system to be compromised, the user must load a malicious
SWF file in Flash Player.
:: Affected software
Adobe Flash Player 9.0.48.0 and earlier
Macromedia Flash Player 8.0.35.0 and earlier
Macromedia Flash Player 7.0.70.0 and earlier
Adobe Flash CS3
Adobe Flex 2.x
:: Impact
Bypass of security controls
Cross Site Scripting
Data manipulation
Exposure of sensitive information
Privilege escalation
Denial of Service
System access
:: Solution
Upgrade to version 9.0.115.0
http://www.adobe.com/go/getflash/
To find out which version of Adobe Flash Player is installed
http://www.adobe.com/products/flash/about/
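An added example, not part of the original advisory: a Python check that classifies inventoried Flash Player versions against the affected builds and the fixed release listed above. The inventory format, host names, sample builds and status labels are assumptions made for the illustration.

```python
import re

# Values taken from the advisory; everything else here is assumed for the example.
FIXED = (9, 0, 115, 0)            # release the advisory says to upgrade to
# Highest listed affected build per major branch.
AFFECTED_MAX = {9: (9, 0, 48, 0), 8: (8, 0, 35, 0), 7: (7, 0, 70, 0)}

# Accepts dotted ("9.0.48.0") and comma-separated ("WIN 9,0,48,0") forms.
_VERSION_RE = re.compile(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)")

def parse_version(text):
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no four-part version in {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(version_text):
    """Return 'listed-affected', 'below-fixed' or 'ok' (labels are hypothetical)."""
    version = parse_version(version_text)
    ceiling = AFFECTED_MAX.get(version[0])
    if ceiling is not None and version <= ceiling:
        return "listed-affected"      # inside a range the advisory names
    if version < FIXED:
        return "below-fixed"          # not listed, but older than 9.0.115.0
    return "ok"

def triage(inventory):
    """Map each host in a 'host version-string' inventory to a status."""
    report = {}
    for line in inventory.splitlines():
        host, _, version_text = line.strip().partition(" ")
        if not host:
            continue
        try:
            report[host] = classify(version_text)
        except ValueError:
            report[host] = "unparsed"  # never treat an unreadable entry as safe
    return report

# Constructed sample inventory (host names and builds are made up).
SAMPLE = """\
ws-001 WIN 9,0,48,0
ws-002 9.0.115.0
ws-003 LNX 9,0,60,0
ws-004 8.0.35.0
ws-005 unknown
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts reported as "below-fixed" or "unparsed" still need follow-up: the first are older than the release the advisory recommends, the second could not be checked at all.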
:: References
Adobe Security bulletin APSB07-20
http://www.adobe.com/support/security/bulletins/apsb07-20.html
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/26951
http://www.securityfocus.com/bid/26929
http://www.securityfocus.com/bid/26930
http://www.securityfocus.com/bid/26949
http://www.securityfocus.com/bid/26274
Secunia
http://secunia.com/advisories/28161/
http://secunia.com/advisories/27543/
http://secunia.com/advisories/27277/
http://secunia.com/advisories/28157/
FrSirt
http://www.frsirt.com/english/advisories/2007/4258
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6246
Red Hat Security Advisory
http://rhn.redhat.com/errata/RHSA-2007-1126.html