09 Feb 2011
14 Feb 2011
Adobe Flash CS4
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
1) An integer overflow error in the ActionScript method of the built-in "Function" class can be exploited to cause a heap-based buffer overflow via specially crafted Flash content.
2) An error in a certain ActionScript method can be exploited to cause a user-supplied value to be used as an object pointer via specially crafted Flash content.
3) An unspecified error can be exploited to corrupt memory.
4) Unspecified errors can be exploited to corrupt memory.
5) Certain libraries are loaded in an insecure manner, which can be exploited to load arbitrary libraries by tricking a user into opening a file located on a remote WebDAV or SMB share.
6) An unspecified error exists within the font-parsing functionality.
7) Improper type checking when constructing a certain ActionScript3 object can be exploited to corrupt memory.
8) An unspecified error can be exploited to corrupt memory.
9) An unspecified error can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
The vulnerabilities are reported in version 10.1.102.64 and prior.
Update to version 10.2.152.26.
Flash Player - network distribution:
Flash Professional CS5, Flash CS4 Professional, and Flex 4:
1) Vitaliy Toropov via iDefense
The vendor also credits: