Alert GCSA-09064 - APSB09-10 Vulnerabilita' in Adobe Flash Player
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-09064
Data : 31 luglio 2009
Titolo : APSB09-10 Vulnerabilita' in Adobe Flash Player e Shockwave Player
******************************************************************
:: Descrizione del problema
Varie vulnerabilita' critiche sono state identificate nelle
versioni correnti di Adobe Flash Player e Shockwave Player.
Questi difetti potrebbero consentire ad un aggressore
di ottenere il controllo dei sistemi interessati.
:: Software interessato
Adobe Flash Player 9.0.159.0 e precedenti
Adobe Flash Player 10.0.22.87 e precedenti
Adobe Shockwave Player 11.5.0.600 e precedenti
Per verificare la versione di Flash Player installata
accedere alla seguente pagina
http://www.adobe.com/products/flash/about/
Se utilizzate piu' browser effettuare il controllo
da ognuno di essi.
:: Impatto
Esecuzione remota di codice arbitrario
Denial of service
Esposizione di informazioni sensibili
:: Soluzioni
Aggiornare Flash Player alla versione 9.0.246.0 o 10.0.32.18
http://www.adobe.com/go/getflashplayer
oppure utilizzare la funzione auto-update presente nel prodotto
quando viene proposta.
Per Adobe Shockwave aggiornare alla versione 11.5.1.601 (Windows)
http://get.adobe.com/shockwave/
:: Riferimenti
Abobe Security Advisory e Bulletin
http://www.adobe.com/support/security/advisories/apsa09-04.html
http://www.adobe.com/support/security/bulletins/apsb09-10.html
http://www.adobe.com/support/security/bulletins/apsb09-11.html
Adobe PSIRT
http://blogs.adobe.com/psirt/2009/07/impact_of_microsoft_atl_vulner.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1866
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1870
Vupen Security
http://www.vupen.com/english/advisories/2009/2065
http://www.vupen.com/english/advisories/2009/2066
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSnLJcvOB+SpikaiRAQLZ8gQAkFnXH0TQW1DR7HZ1yGC81pzyuKoTuA98
o93+BGVWyXygQZvtDT3xUksyDnz3dq0J4d20D6REpB50HrZbJ8QBnLuqEcxQ7jBj
PscBTBchD2p/FcmPMA/yDo05umMitnOgvTilV9CqI7PqsJX5Reb7kB2ebxApl8oQ
8vUwVcA66UA=
=YTqI
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-09064
Data : 31 luglio 2009
Titolo : APSB09-10 Vulnerabilita' in Adobe Flash Player e Shockwave Player
******************************************************************
:: Descrizione del problema
Varie vulnerabilita' critiche sono state identificate nelle
versioni correnti di Adobe Flash Player e Shockwave Player.
Questi difetti potrebbero consentire ad un aggressore
di ottenere il controllo dei sistemi interessati.
:: Software interessato
Adobe Flash Player 9.0.159.0 e precedenti
Adobe Flash Player 10.0.22.87 e precedenti
Adobe Shockwave Player 11.5.0.600 e precedenti
Per verificare la versione di Flash Player installata
accedere alla seguente pagina
http://www.adobe.com/products/flash/about/
Se utilizzate piu' browser effettuare il controllo
da ognuno di essi.
:: Impatto
Esecuzione remota di codice arbitrario
Denial of service
Esposizione di informazioni sensibili
:: Soluzioni
Aggiornare Flash Player alla versione 9.0.246.0 o 10.0.32.18
http://www.adobe.com/go/getflashplayer
oppure utilizzare la funzione auto-update presente nel prodotto
quando viene proposta.
Per Adobe Shockwave aggiornare alla versione 11.5.1.601 (Windows)
http://get.adobe.com/shockwave/
:: Riferimenti
Abobe Security Advisory e Bulletin
http://www.adobe.com/support/security/advisories/apsa09-04.html
http://www.adobe.com/support/security/bulletins/apsb09-10.html
http://www.adobe.com/support/security/bulletins/apsb09-11.html
Adobe PSIRT
http://blogs.adobe.com/psirt/2009/07/impact_of_microsoft_atl_vulner.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1866
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1870
Vupen Security
http://www.vupen.com/english/advisories/2009/2065
http://www.vupen.com/english/advisories/2009/2066
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSnLJcvOB+SpikaiRAQLZ8gQAkFnXH0TQW1DR7HZ1yGC81pzyuKoTuA98
o93+BGVWyXygQZvtDT3xUksyDnz3dq0J4d20D6REpB50HrZbJ8QBnLuqEcxQ7jBj
PscBTBchD2p/FcmPMA/yDo05umMitnOgvTilV9CqI7PqsJX5Reb7kB2ebxApl8oQ
8vUwVcA66UA=
=YTqI
-----END PGP SIGNATURE-----