Adobe Macromedia Flash Products Contain Vulnerabilities

Systems Affected

Microsoft Windows, Mac OS X, and other operating systems that use the following products:

• Adobe Macromedia Flash Player
• Adobe Macromedia Flash
• Adobe Macromedia Flex
• Adobe Macromedia Breeze
• Adobe Macromedia Shockwave Player

Overview

There are critical vulnerabilities in Macromedia Flash player and related software that may allow an attacker to take control of your computer.

Solution

Apply Updates

Adobe has provided updates to remedy these vulnerabilities. To obtain the updates, visit the Security Bulletin. US-CERT recommends that you upgrade to the current version of your Macromedia product.

Description

Some features of Macromedia products contain critical vulnerabilities. If an attacker can convince you to open a malicious Flash file, which may be hosted on a web site, they may be able to take control of your computer or cause it to crash. The Macromedia Security Bulletin provides updates that address these vulnerabilities. For more technical information, see US-CERT Technical Cyber Security Alert TA06-075A.

References

• US-CERT Technical Cyber Security Alert TA06-075A.html - <http://www.us-cert.gov/cas/techalerts/TA06-075A.html>
• US-CERT Vulnerability Note VU#945060 - <http://www.kb.cert.org/vuls/id/945060>
• Macromedia - APSB06-03: Flash Player Update to Address Security Vulnerabilities - <http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html>
• Microsoft Security Advisory (916208) - <http://www.microsoft.com/technet/security/advisory/916208.mspx>

Feedback can be directed to the US-CERT Technical Staff.

Produced 2006 by US-CERT, a government organization. Terms of use

Revision History

March 16, 2006: Initial release