The Channel logo


By | John Leyden 20th December 2007 11:19

Adobe plugs multi-platform Flash vulns

A patch in time...

Adobe has published an update fixing numerous security vulnerabilities in Adobe Flash.

Earlier versions of Flash prior to on multiple platforms (Mac OS, Linux, Windows) are subject to various security bugs that create the possibility of all sorts of mischief, including cross-site scripting attacks and information disclosure attacks. Denial of service or code injection attacks may also be possible. Several of the issues addressed involve input validation errors, which could allow an attacker to execute arbitrary code after tricking users of vulnerable Flash clients into opening content on maliciously-constructed websites.

Separately Adobe also patched bugs in its GoLive HTML editor. Exploitation of the bugs involves tricking a user into including crafted BMP, DIB, RLE or PNG content into a GoLive document. That's not the easiest exploit scenario but, since the flaws carry the possibility of injecting malicious code onto vulnerable systems, worth guarding against nonetheless. ®

comment icon Read 6 comments on this article alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe