CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
November 6th, 2008

Six Security Vulnerabilities Updated By Adobe In Flash Player 9

Adobe has released another Flash Player 9 update to cover at least six documented security vulnerabilities that could expose users to a wide range of hacker attacks.

The patch, rated “critical” by Adobe, affects Flash Player 9.0.124.0 on all platforms. The latest Flash Player vulnerabilities include:

CVE-2008-4818: This update includes a change to the way Flash Player interprets HTTP response headers to prevent a potential cross-site scripting attack.

CVE-2008-4819: This update introduces a change to mitigate a potential issue that could aid an attacker in executing a DNS rebinding attack.

CVE-2008-4823: This update introduces stricter interpretation of an ActionScript attribute to prevent a potential HTML injection issue.

CVE-2008-4822: This update prevents an issue with policy file interpretation that could potentially lead to bypass of a non-root domain policy.

CVE-2008-4821: This update prevents an issue with the Flash Player interpretation of jar: protocol on Mozilla browsers that could potentially lead to information disclosure.

CVE-2008-4820: This update prevents a potential Windows-only information disclosure issue in the Flash Player ActiveX control.

Users can use this page to determine which version of Flash Player is installed on a system.

Separately, Adobe released Security Bulletin APSB08-21 to resolve a potential privilege escalation issue that is particularly applicable to ColdFusion servers in a shared hosting environment:

A vulnerability in ColdFusion could allow a lower-privileged user to bypass sandbox security and access sensitive information, and could potentially lead to a privilege escalation attack. This issue is particularly applicable to ColdFusion servers in a shared hosting environment. This issue is not remotely exploitable.

Affected software versions are ColdFusion 8, ColdFusion 8.0.1 and ColdFusion MX 7.0.2.

Any version below Flash Player 9.0.151.0 will be vulnerable to these attack scenarios. Adobe is recommending that users upgrade immediately to Flash Player 10.
