Thread-topic: [SA19218] Flash Player Unspecified Code Execution Vulnerabilities
>
>
> TITLE:
> Flash Player Unspecified Code Execution Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA19218
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Macromedia Breeze 4.x
>
> Macromedia Breeze 5.x
>
> Macromedia Breeze Meeting Add-In
>
> Macromedia Flash 8.x
>
> Macromedia Flash MX 2004
>
> Macromedia Flash MX Professional 2004
>
> Macromedia Flash Player 7.x
>
> Macromedia Flash Player 8.x
>
> Macromedia Flex 1.x
>
> Shockwave Player 10.x
>
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Flash Player, which can be
> exploited by malicious people to compromise a user's system.
>
> The vulnerabilities are caused due to unspecified errors and can be
> exploited to execute arbitrary code on a user's system when a
> malicious SWF file is loaded.
>
> SOLUTION:
> Install updated versions.
>
> Flash Player 8.0.22.0 and earlier:
> Update to version 8.0.24.0 or 7.0.63.0.
>
>
> Flash Player 8.0.22.0 and earlier - network distribution:
> Update to version 8.0.24.0 or 7.0.63.0.
>
>
> Flash Professional 8, Flash Basic:
> Update to version 8.0.24.0.
>
>
> Flash MX 2004:
> Update to version 7.0.63.0.
>
>
> Flex 1.5:
> Update to version 8.0.24.0.
>
>
> Breeze Meeting Add-In:
> Update to version 7.0.55.331 (Win) or 7.0.55.118 (Mac).
>
>
> Shockwave Player:
> Update to version 10.1.1.
>
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Microsoft for reporting the vulnerabilities.
>
> ORIGINAL ADVISORY:
> Adobe Systems (formerly Macromedia):
>
>
> Microsoft:
>
>
> ----------------------------------------------------------------------
