TITLE: Adobe Flash Player Multiple Vulnerabilities Criticality level: Highly critical Impact: Exposure of sensitive information, System access Where: From remote Software: Adobe AIR 2.x Adobe Flash Player 10.x SECUNIA ADVISORY ID: http://secunia.com/advisories/45583/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. 1) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 2) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 3) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code. 4) An integer overflow error can be exploited to corrupt memory and potentially execute arbitrary code. 5) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 6) An integer overflow error can be exploited to corrupt memory and potentially execute arbitrary code. 7) An unspecified error can be exploited to disclose certain information from another domain. 8) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code. 9) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 10) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 11) An integer overflow error can be exploited to corrupt memory and potentially execute arbitrary code. 12) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code. 13) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code. The vulnerabilities are reported in the following products: * Adobe Flash Player versions 10.3.181.36 and prior for Windows, Macintosh, Linux, and Solaris * Adobe Flash Player versions 10.3.185.25 and prior for Android * Adobe AIR versions 2.7 and prior for Windows, Macintosh, and Android SOLUTION: Update to a fixed version. PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor ORIGINAL ADVISORY: Adobe (APSB11-21): http://www.adobe.com/support/security/bulletins/apsb11-21.html ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-