VIA Root
Microsoft Windows Flash Player Multiple Vulnerabilities
By Secunia
Windows
2010-02-05 12:47:30

Description:
Secunia Research has discovered a vulnerability in Windows XP, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a use-after-free error in the bundled version of Flash Player, which occurs when Flash objects are unloaded while they are still being accessed by script code. This can be exploited to corrupt memory via a specially crafted web page.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in the Flash Player bundled with a fully patched Windows XP SP2 and is also confirmed in an old version of Adobe Flash Player, 6.0.79.

NOTE: The version of Flash Player bundled with Windows XP is also affected by a number of other vulnerabilities previously disclosed and fixed in later versions of Adobe Flash Player.

Solution:
Uninstall the bundled version of Flash Player and optionally install the latest supported version of Flash Player from Adobe.

Provided and/or discovered by:
Carsten Eiram and Dyon Balding, Secunia Research.

The vendor also credits:
* Will Dormann of CERT/CC.
* TippingPoint and the Zero Day Initiative.

Changelog:
2010-01-13: Added link to US-CERT and Microsoft advisories. Updated credits.
2010-01-25: Added CVE reference.

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2007-77/

Microsoft:
http://www.microsoft.com/technet/security/advisory/979267.mspx

US-CERT VU#204889:
http://www.kb.cert.org/vuls/id/204889

Other References:
How to remove the Flash Player ActiveX control:
http://kb2.adobe.com/cps/127/tn_12727.html

How to uninstall the Adobe Flash Player plug-in and ActiveX control:
http://kb2.adobe.com/cps/141/tn_14157.html

CVE reference:
CVE-2010-0378
CVE-2010-0379




http://secunia.com/advisories/27105/