Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Technical Cyber Security Alert TA08-100A archive

Adobe Flash Updates for Multiple Vulnerabilities

Original release date: April 9, 2008
Last revised: --
Source: US-CERT

Systems Affected

  • Adobe Flash Player 9.0.115.0 and earlier
  • Adobe Flash Player 8.0.39.0 and earlier

Overview

Adobe has released Security advisory APSB08-11 to address multiple vulnerabilities affecting Adobe Flash. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.


I. Description

Adobe Security Advisory APSB08-011 addresses a number of vulnerabilities affecting the Adobe Flash player. Flash player versions 9.0.115.0 and earlier and 8.0.39.0 and earlier are affected. Further details are available in the US-CERT Vulnerability Notes Database.

An attacker could exploit these vulnerabilities by convincing a user to visit a website that hosts a specially crafted SWF file. The Adobe Flash browser plugin is available for multiple web browsers and operating systems, any of which could be affected.


II. Impact

The impacts of these vulnerabilities vary. The most severe of these vulnerabilities allows a remote attacker to execute arbitrary code or conduct cross-site scripting attacks.


III. Solution

Apply Updates

Check with your operating system vendor for patches or updates. If you get the flash player from Adobe, see the Adobe Get Flash page for information about updates.

Restrict access

These vulnerabilities can be mitigated by disabling the Flash plugin or by using the NoScript extension to whitelist websites that can access the Flash plugin. For more information about securely configuring web browsers, please see the Securing Your Web Browser document.

IV. References


Feedback can be directed to US-CERT.

Produced 2008 by US-CERT, a government organization. Terms of use

Revision History

April 9, 2008: Initial release

Last updated April 09, 2008
print this document