Adobe Flash contains a vulnerability that may allow an attacker to run code on a system that has a vulnerable version of the Flash player installed. There are reports that this vulnerability is being actively exploited.
The Adobe Flash Player is a player for the Flash media format and enables frame-based animations and multimedia to be viewed within a web browser.
A remoted, unauthenticated attacker may be able to execute arbitrary code.
This issue has been addressed in the most recent version (22.214.171.124) of Adobe Flash. Microsoft Windows users should browse to the Adobe Flash Player Support Center downloads and install the most recent version of Flash site using Internet Explorer, then repeat the process for all other installed browsers (Firefox, Opera, Safari, etc). Systems that are not running Windows should be updated by going to the Adobe Flash Player Support Center downloads and installing the most recent version of Flash with all each web browser on the system.
Workarounds for users running Internet Explorer
Workarounds for network administrators
Thanks to SANS for information that was used in this report.
This document was written by Ryan Giobbi.
|Date First Published:||2008-05-27|
|Date Last Updated:||2008-06-09 12:40 UTC|