Vulnerability Note VU#395473
Adobe Flash player code execution vulnerability
Adobe Flash contains a vulnerability that may allow an attacker to run code on a system that has a vulnerable version of the Flash player installed. There are reports that this vulnerability is being actively exploited.
The Adobe Flash Player is a player for the Flash media format and enables frame-based animations and multimedia to be viewed within a web browser.
A remoted, unauthenticated attacker may be able to execute arbitrary code.
This issue has been addressed in the most recent version (18.104.22.168) of Adobe Flash. Microsoft Windows users should browse to the Adobe Flash Player Support Center downloads and install the most recent version of Flash site using Internet Explorer, then repeat the process for all other installed browsers (Firefox, Opera, Safari, etc). Systems that are not running Windows should be updated by going to the Adobe Flash Player Support Center downloads and installing the most recent version of Flash with all each web browser on the system.
Workarounds for users running Internet Explorer
Workarounds for network administrators
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Adobe||Affected||27 May 2008||27 May 2008|
CVSS Metrics (Learn More)
Thanks to SANS for information that was used in this report.
This document was written by Ryan Giobbi.
- CVE IDs: Unknown
- Date Public: 27 May 2008
- Date First Published: 27 May 2008
- Date Last Updated: 09 Jun 2008
- Severity Metric: 65.81
- Document Revision: 38
If you have feedback, comments, or additional information about this vulnerability, please send us email.