Alert GCSA-08039 - APSB08-11 Vulnerabilita' in Adobe Flash Player
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08039
Data : 10 aprile 2008
Titolo : APSB08-11 Vulnerabilita' in Adobe Flash Player
******************************************************************
:: Descrizione del problema
Sono state identificate varie vulnerabilita' in Adobe Flash Player
che potrebbero consentire ad un aggressore di ottenere il controllo
dei sistemi interessati. Perche' il sistema venga compromesso
e' necessario che l'utente apra un file SWF malevolo.
:: Software interessato
Adobe Flash Player 9.0.115.0 e precedenti
Macromedia Flash Player 8.0.39.0 e precedenti
Adobe Flex 3.0
Adobe AIR 1.0
:: Impatto
Bypass dei controlli di sicurezza
Cross Site Scripting
Accesso al sistema
:: Soluzioni
Aggiornare alla versione 9.0.124.0
http://www.adobe.com/go/getflash/
Per conoscere la versione di Adobe Flash Player installata
http://www.adobe.com/products/flash/about/
:: Riferimenti
Abobe Security bulletin
http://www.adobe.com/support/security/bulletins/apsb08-11.html
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/26930
http://www.securityfocus.com/bid/26966
http://www.securityfocus.com/bid/28694
http://www.securityfocus.com/bid/28696
Secunia Advisory
http://secunia.com/advisories/28083/
Secunia Research
http://secunia.com/secunia_research/2007-103/advisory/
FrSirt
http://www.frsirt.com/english/advisories/2008/1158
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655
Red Hat Security Advisory
https://rhn.redhat.com/errata/RHSA-2008-0221.html
ZDI
http://www.zerodayinitiative.com/advisories/ZDI-08-021/
ISS X-Force
http://www.iss.net/threats/289.html
SANS ISC Diary
http://isc.sans.org/diary.html?storyid=4268
-----BEGIN PGP SIGNATURE-----
iQCVAwUBR/36ePOB+SpikaiRAQJoSgP9Fqsa/ADwOoA03kQ3jnJin19gh4gRZYdT
T24mq1I1+G1Hax7cNU1vajYV99S5m7KQwxr55RqZrIdegWQUHQeFcGzi5v/Z0kHl
yQA3lqK8y5cL/tumyq4WHR1fmZH38jJTA8YhleZYLdK1DjUjHF66prDsxqcnp6WC
Hf1YYQsXmiI=
=WUH9
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08039
Data : 10 aprile 2008
Titolo : APSB08-11 Vulnerabilita' in Adobe Flash Player
******************************************************************
:: Descrizione del problema
Sono state identificate varie vulnerabilita' in Adobe Flash Player
che potrebbero consentire ad un aggressore di ottenere il controllo
dei sistemi interessati. Perche' il sistema venga compromesso
e' necessario che l'utente apra un file SWF malevolo.
:: Software interessato
Adobe Flash Player 9.0.115.0 e precedenti
Macromedia Flash Player 8.0.39.0 e precedenti
Adobe Flex 3.0
Adobe AIR 1.0
:: Impatto
Bypass dei controlli di sicurezza
Cross Site Scripting
Accesso al sistema
:: Soluzioni
Aggiornare alla versione 9.0.124.0
http://www.adobe.com/go/getflash/
Per conoscere la versione di Adobe Flash Player installata
http://www.adobe.com/products/flash/about/
:: Riferimenti
Abobe Security bulletin
http://www.adobe.com/support/security/bulletins/apsb08-11.html
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/26930
http://www.securityfocus.com/bid/26966
http://www.securityfocus.com/bid/28694
http://www.securityfocus.com/bid/28696
Secunia Advisory
http://secunia.com/advisories/28083/
Secunia Research
http://secunia.com/secunia_research/2007-103/advisory/
FrSirt
http://www.frsirt.com/english/advisories/2008/1158
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655
Red Hat Security Advisory
https://rhn.redhat.com/errata/RHSA-2008-0221.html
ZDI
http://www.zerodayinitiative.com/advisories/ZDI-08-021/
ISS X-Force
http://www.iss.net/threats/289.html
SANS ISC Diary
http://isc.sans.org/diary.html?storyid=4268
-----BEGIN PGP SIGNATURE-----
iQCVAwUBR/36ePOB+SpikaiRAQJoSgP9Fqsa/ADwOoA03kQ3jnJin19gh4gRZYdT
T24mq1I1+G1Hax7cNU1vajYV99S5m7KQwxr55RqZrIdegWQUHQeFcGzi5v/Z0kHl
yQA3lqK8y5cL/tumyq4WHR1fmZH38jJTA8YhleZYLdK1DjUjHF66prDsxqcnp6WC
Hf1YYQsXmiI=
=WUH9
-----END PGP SIGNATURE-----