[Bug 125233] [flashplugin-nonfree] Arbitrary code execution in Flash Player 9.0.45.0 and prior versions

hk47 bugtracker at slideomania.com
Wed Jul 11 11:40:50 UTC 2007


Public bug reported:

Binary package hint: flashplugin-nonfree

An updated version of Adobe Flash Player, that fixes possible arbitrary
code execution, is available. Please provide updated packages for
flashplugin-nonfree.

From:
http://www.heise-security.co.uk/news/92520

"While an input validation error could lead to arbitrary code execution
in Flash Player 9.0.45.0 and prior versions, insufficient validation of
the HTTP Referer in Flash Player 8.0.34.0 and earlier versions might
help attackers to execute cross-site scripting attacks. Another security
problem related to the Opera and Konqueror browsers exists in Flash
Player 7 (version 7.0.70.0) for Linux and Solaris, but Adobe does not
provide more detailed information on this issue. The vendor advises
users to upgrade to version 9.0.47, but also provides patches for other
versions of the software."

Corresponding Adobe Security Advisories:
http://www.adobe.com/support/security/bulletins/apsb07-12.html

** Affects: flashplugin-nonfree (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** Description changed:

  Binary package hint: flashplugin-nonfree
  
  An updated version of Adobe Flash Player, that fixes possible arbitrary
  code execution, is available. Please provide updated packages for
  flashplugin-nonfree.
  
  From:
  http://www.heise-security.co.uk/news/92520
  
  "While an input validation error could lead to arbitrary code execution
  in Flash Player 9.0.45.0 and prior versions, insufficient validation of
  the HTTP Referer in Flash Player 8.0.34.0 and earlier versions might
  help attackers to execute cross-site scripting attacks. Another security
  problem related to the Opera and Konqueror browsers exists in Flash
  Player 7 (version 7.0.70.0) for Linux and Solaris, but Adobe does not
  provide more detailed information on this issue. The vendor advises
  users to upgrade to version 9.0.47, but also provides patches for other
  versions of the software."
+ 
+ Corresponding Adobe Security Advisories:
+ http://www.adobe.com/support/security/bulletins/apsb07-12.html

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-3456

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-3457

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2022

-- 
[flashplugin-nonfree] Arbitrary code execution in Flash Player 9.0.45.0 and prior versions
https://bugs.launchpad.net/bugs/125233
You received this bug notification because you are a member of Mozilla
Bugs, which is a bug contact for flashplugin-nonfree in ubuntu.



