Security Advisory
  • Microsoft Windows Flash Player Multiple Vulnerabilities
Reported Date: 13-01-10
Rated Level: Moderate
Impact: System Access, Remotely Exploitable
Affected Software: Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Description: A vulnerability in Windows XP can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a use-after-free error in the bundled version of Flash Player when Flash objects are unloaded while they are still being accessed by script code. This can be exploited to corrupt memory via a specially crafted web page.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in the Flash Player bundled with a fully patched Windows XP SP2 and is also confirmed in an old version (6.0.79) of Adobe Flash Player.

NOTE: The version of Flash Player bundled with Windows XP is also affected by a number of other vulnerabilities previously disclosed and fixed in later versions of Adobe Flash Player.


Note: Carsten Eiram and Dyon Balding, Secunia Research
Solution: Uninstall the bundled version of Flash Player and optionally install the latest supported version of Flash Player from Adobe.
References:
How to remove the Flash Player ActiveX control:
http://kb2.adobe.com/cps/127/tn_12727.html

How to uninstall the Adobe Flash Player plug-in and ActiveX control:
http://kb2.adobe.com/cps/141/tn_14157.html
Feedback: If you have additional information or corrections for this security advisory, please contact us at advisory(at)triviasecurity.org