Adobe multiple vulns



#1 AplusWebMaster

  • SWI Friend
  • 9,201 posts

Posted 12 February 2010 - 07:15 AM

FYI...

Adobe Flash Player Domain Sandbox Bypass Vuln
- http://secunia.com/advisories/38547/
Release Date: 2010-02-12
Criticality level: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: Adobe AIR 1.x, Adobe Flash CS3, Adobe Flash CS4, Adobe Flash Player 10.x, Adobe Flex 3.x
Original Advisory: http://www.adobe.com.../apsb10-06.html
"...Details:
A critical vulnerability has been identified in Adobe Flash Player version 10.0.42.34 and earlier. This vulnerability (CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests. This update also resolves a potential Denial of Service issue (CVE-2010-0187).
Adobe recommends users of Adobe Flash Player 10.0.42.34 and earlier versions update to Adobe Flash Player 10.0.45.2.
- http://get.adobe.com/flashplayer/
*Adobe recommends all users of Adobe AIR version 1.5.3.9120 and earlier update to the newest version 1.5.3.9130..."

- http://get.adobe.com/air/
Revisions: February 12, 2010 - Bulletin updated with corrected version numbers for AIR.*
- http://atlas.arbor.n...ndex#1106299496
February 15, 2010 - "High Severity... Analysis: This is a serious issue that we encourage all sites to schedule an update..."

- http://web.nvd.nist....d=CVE-2010-0186
Last revised: 02/26/2010
Flash Player before 10.0.45.2, AIR before 1.5.3.9130...
CVSS v2 Base Score: 6.8 (MEDIUM)
- http://web.nvd.nist....d=CVE-2010-0187
Last revised: 02/26/2010
Flash Player before 10.0.45.2, AIR before 1.5.3.9130...
CVSS v2 Base Score: 4.3 (MEDIUM)

Adobe Products XML Processing Information Disclosure
- http://secunia.com/advisories/38543/
Release Date: 2010-02-12
Criticality level: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: Adobe BlazeDS 3.x, Adobe ColdFusion 8.x, Adobe ColdFusion 9.x, Adobe ColdFusion MX 7.x, Adobe Flex Data Services 2.x, Adobe LiveCycle 8.x, Adobe LiveCycle 9.x, Adobe LiveCycle Data Services 2.x, Adobe LiveCycle Data Services 3.x
Solution: Apply patches. Please see the vendor's advisory for required installation steps.
Original Advisory: http://www.adobe.com.../apsb10-05.html
"... Summary:
An important vulnerability (CVE-2009-3960) has been identified in BlazeDS 3.2 and earlier versions. When processing incoming requests, XML external entity references and injected tags can result in disclosure of information. This issue affects LiveCycle 9.0, 8.2.1 and 8.0.1, and ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2, which are installed with different versions of Data Services products. Adobe has provided a solution for the reported vulnerability for each affected Adobe product. It is recommended that users update their installations of each affected Adobe product to the latest version using the instructions provided..."

- http://web.nvd.nist....d=CVE-2009-3960
Last revised: 02/26/2010
BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0...
CVSS v2 Base Score: 4.3 (MEDIUM)

:ph34r:

Edited by apluswebmaster, 02 March 2010 - 05:42 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster


Posted 16 February 2010 - 06:34 PM

FYI...

Adobe Reader/Acrobat critical update released
- http://www.adobe.com.../apsb10-07.html
February 16, 2010 - "... this vulnerability (CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests. In addition, a critical vulnerability (CVE-2010-0188) has been identified that could cause the application to crash and could potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Reader 9.3 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.1. For Adobe Reader users on Windows and Macintosh who cannot update to Adobe Reader 9.3.1, Adobe has provided the Adobe Reader 8.2.1 update.
Adobe recommends users of Adobe Acrobat 9.3 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.1. Adobe recommends users of Acrobat 8.2 and earlier versions for Windows and Macintosh update to Acrobat 8.2.1.
Affected software versions:
Adobe Reader 9.3 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3 and earlier versions for Windows and Macintosh

Solution: Adobe Reader:
Users can utilize the product's automatic update facility. The default installation configuration runs automatic updates on a regular schedule, and can be manually activated by choosing Help > Check For Updates Now.
Adobe Reader users on Windows can find the appropriate update here:
http://www.adobe.com...wnloads/new.jsp .
Adobe Reader users on Macintosh can find the appropriate update here:
http://www.adobe.com...wnloads/new.jsp .
Adobe Reader users on UNIX can find the appropriate update here:
http://www.adobe.com...s/reader/unix9/ (download latest update from 9.3.1 folder)...
Adobe Acrobat:
Users can utilize the product's automatic update facility. The default installation configuration runs automatic updates on a regular schedule, and can be manually activated by choosing Help > Check For Updates Now.
Acrobat Standard and Pro users on Windows can find the appropriate update here:
http://www.adobe.com...wnloads/new.jsp .
Acrobat Pro Extended users on Windows can find the appropriate update here:
http://www.adobe.com...wnloads/new.jsp .
Acrobat 3D users on Windows can find the appropriate update here:
http://www.adobe.com...wnloads/new.jsp .
Acrobat Pro users on Macintosh can find the appropriate update here:
http://www.adobe.com...wnloads/new.jsp .
Severity rating:
Adobe categorizes this as a critical update and recommends that users apply the update for their product installations..."

- http://secunia.com/advisories/38551/
Last Update: 2010-02-17
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
Solution Status: Vendor Patch
Software: Adobe Acrobat 3D 8.x, Adobe Acrobat 8 Professional, Adobe Acrobat 8.x, Adobe Acrobat 9.x, Adobe Reader 8.x, Adobe Reader 9.x
Solution: Update to version 8.2.1 or 9.3.1.

- http://web.nvd.nist....d=CVE-2010-0188
Last revised: 02/26/2010
Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1...
CVSS v2 Base Score: 10.0 (HIGH)

- http://blog.trendmic...er-and-acrobat/
Feb. 21, 2010

:ph34r: :ph34r:

Edited by apluswebmaster, 02 March 2010 - 05:16 PM.



#3 AplusWebMaster


Posted 23 February 2010 - 09:22 PM

FYI...

Adobe Download Manager - critical update
- http://www.adobe.com.../apsb10-08.html
February 23, 2010 - "Summary:
A critical vulnerability has been identified in the Adobe Download Manager. This vulnerability (CVE-2010-0189) could potentially allow an attacker to download and install unauthorized software onto a user's system. Users, who have downloaded Adobe Reader for Windows from http://get.adobe.com/reader/ or Adobe Flash Player for Windows from http://get.adobe.com/flashplayer/ prior to the release of this Security Bulletin on February 23, 2010, can verify they are not vulnerable to this Adobe Download Manager issue by following the instructions in the Solution section below.
Affected software versions: Adobe Download Manager on Windows (prior to February 23, 2010)
> Solution:
Users, who have downloaded Adobe Reader for Windows from http://get.adobe.com/reader/ or Adobe Flash Player for Windows from http://get.adobe.com/flashplayer/ prior to the release of this Security Bulletin on February 23, 2010, can verify they are not vulnerable to this Adobe Download Manager issue by following the instructions below:
• Ensure that the C:\Program Files\NOS\ folder and its contents ("NOS files") are not present on your system. (If the folder is present, follow the steps below to remove).
• Click "Start" > "Run" and type "services.msc". Ensure that "getPlus® Helper" is not present in the list of services.
If the NOS files are found, the Adobe Download Manager issue can be mitigated by:
• Navigating to Start > Control Panel > Add or Remove Programs > Adobe Download Manager, and selecting Remove to remove the Adobe Download Manager from your system.
-OR-
• Clicking "Start" > "Run" and typing "services.msc". Then deleting "getPlus® Helper" from the list of services.
• Then delete the C:\Program Files\NOS\ folder and its contents.
This issue is resolved as of February 23, 2010, and no action is required for future downloads of Adobe Reader from http://get.adobe.com/reader/ or Adobe Flash Player from http://get.adobe.com/flashplayer/.
> Severity rating:
Adobe categorizes this as a critical update. Users can remove potentially vulnerable installations of the Adobe Download Manager using the instructions in the Solution section above.
Details:
A critical vulnerability has been identified in the Adobe Download Manager. This vulnerability (CVE-2010-0189) could potentially allow an attacker to download and install unauthorized software onto a user's system.
The Adobe Download Manager is intended for one-time use. The Adobe Download Manager is designed to remove itself from the computer after use at the next computer restart. However, Adobe recommends users verify that a potentially vulnerable version of the Adobe Download Manager is no longer installed on their machine using the instructions in the Solution section above."

- http://web.nvd.nist....d=CVE-2010-0189
Last revised: 03/02/2010
getPlus Download Manager (aka DLM or Downloader) 1.5.2.35...
CVSS v2 Base Score: 10.0 (HIGH)

- http://secunia.com/advisories/38729/
Release Date: 2010-02-24
Criticality level: Highly critical
Impact: System access
Where: From remote
Software: Adobe GetPlus DLM 1.x
Original Advisory: Adobe:
http://www.adobe.com.../apsb10-08.html

- http://blog.trendmic...ad-manager-bug/
Feb. 24, 2010

- http://labs.idefense...play.php?id=856
02.23.10
... DISCLOSURE TIMELINE
06/09/2009 Initial Vendor Notification
06/09/2009 Initial Vendor Reply
02/23/2010 Coordinated Public Disclosure

:ph34r:

Edited by apluswebmaster, 02 March 2010 - 05:14 PM.
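
The verification steps quoted from APSB10-08 above, as an added read-only PowerShell check that is not part of the original post or of Adobe's bulletin. The folder and service names come from the bulletin text; the function name and the `Program Files (x86)` location are assumptions.

```powershell
# Added example: read-only check for leftover Adobe Download Manager (getPlus)
# artifacts named in APSB10-08. Nothing is stopped, deleted or modified.
# Requires PowerShell 3.0 or later.

function Test-AdobeDownloadManagerRemnants {   # hypothetical name
    [CmdletBinding()]
    param(
        # "C:\Program Files\NOS\" is the folder named in the bulletin.
        # The (x86) variant is an assumption for 64-bit Windows, where
        # 32-bit software installs under "Program Files (x86)".
        [string[]]$NosFolders = @(
            (Join-Path $env:ProgramFiles 'NOS'),
            $(if (${env:ProgramFiles(x86)}) { Join-Path ${env:ProgramFiles(x86)} 'NOS' })
        ),

        # The bulletin lists the service as "getPlus(R) Helper". The wildcard
        # avoids depending on how the trademark sign is encoded.
        [string]$ServiceDisplayPattern = 'getPlus*Helper*'
    )

    # Step 1 of the bulletin: is the NOS folder present?
    $folders = @($NosFolders |
        Where-Object { $_ } |
        Select-Object -Unique |
        Where-Object { Test-Path -LiteralPath $_ -PathType Container })

    # List the "NOS files" so they can be reviewed before removal.
    $files = @(foreach ($folder in $folders) {
        Get-ChildItem -LiteralPath $folder -Recurse -File -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, LastWriteTime
    })

    # Step 2 of the bulletin: is the helper service registered?
    $services = @(Get-Service -DisplayName $ServiceDisplayPattern -ErrorAction SilentlyContinue |
        Select-Object Name, DisplayName, Status)

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        NosFolders   = $folders
        NosFiles     = $files
        Services     = $services
        # True when either indicator from the bulletin is present, meaning the
        # removal steps in the Solution section still need to be carried out.
        NeedsRemoval = ($folders.Count -gt 0) -or ($services.Count -gt 0)
    }
}

$result = Test-AdobeDownloadManagerRemnants
$result | Format-List ComputerName, NosFolders, Services, NeedsRemoval
$result.NosFiles | Format-Table -AutoSize
```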



#4 AplusWebMaster


Posted 08 April 2010 - 09:42 PM

FYI...

Security Advisory for Adobe Reader and Acrobat
- http://www.adobe.com.../apsb10-09.html
April 8, 2010 - "Adobe is planning to release updates for Adobe Reader 9.3.1 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.1 for Windows and Macintosh, and Adobe Reader 8.2.1 and Acrobat 8.2.1 for Windows and Macintosh to resolve critical security issues. Adobe expects to make these quarterly updates available on April 13, 2010. Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at http://blogs.adobe.com/psirt * ..."

- http://web.nvd.nist....d=CVE-2009-4764
- http://web.nvd.nist....d=CVE-2010-1240
- http://web.nvd.nist....d=CVE-2010-1241

* http://blogs.adobe.c...rterly_s_2.html
April 8, 2010 - "A Security Advisory has been posted in regards to the upcoming Adobe Reader and Acrobat updates scheduled for April 13, 2010. The updates will address critical security issues in the products. This quarterly security update will be made available for Windows, Macintosh and UNIX. With this quarterly update, we are enabling the new updater first shipped in a passive state with the October quarterly security update. For more information, please refer to the Adobe Reader blog**...."

** http://blogs.adobe.c...r_and_acro.html
April 8, 2010

:ph34r:

Edited by apluswebmaster, 13 April 2010 - 08:29 AM.



#5 AplusWebMaster


Posted 13 April 2010 - 01:42 PM

FYI...

Security update available for Adobe Reader and Acrobat
- http://www.adobe.com.../apsb10-09.html
April 13, 2010 - "... Adobe recommends users of Adobe Reader 9.3.1 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.2. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.3.2, Adobe has provided the Adobe Reader 8.2.2 update.) Adobe recommends users of Adobe Acrobat 9.3.1 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.2. Adobe recommends users of Acrobat 8.2.1 and earlier versions for Windows and Macintosh update to Acrobat 8.2.2...
... Users can utilize the product's automatic update feature...
... users on Windows/Macintosh can also find the appropriate update here:
- http://www.adobe.com...wnloads/new.jsp
... Unix users here:
- http://www.adobe.com...s/reader/unix9/
(download latest update from 9.3.2 folder)

CVE numbers: CVE-2010-0190, CVE-2010-0191, CVE-2010-0192, CVE-2010-0193, CVE-2010-0194, CVE-2010-0195, CVE-2010-0196, CVE-2010-0197, CVE-2010-0198, CVE-2010-0199, CVE-2010-0201, CVE-2010-0202, CVE-2010-0203, CVE-2010-0204, CVE-2010-1241
Platform: All Platforms

- http://secunia.com/advisories/39272/
Release Date: 2010-04-14
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote
Software: Adobe Acrobat 3D 8.x, Adobe Acrobat 8 Professional, Adobe Acrobat 8.x, Adobe Acrobat 9.x, Adobe Reader 8.x, Adobe Reader 9.x
Solution: Update to version 9.3.2 or 8.2.2.

- http://atlas.arbor.n...index#-69029221
April 20, 2010 - "Analysis: We have seen exploit code used for some of these bugs, most notably with the Zeus botnet. We encourage all sites to update their Adobe PDF viewers immediately to address these issues."

:ph34r:

Edited by apluswebmaster, 21 April 2010 - 06:53 AM.



#6 AplusWebMaster


Posted 30 April 2010 - 08:56 PM

FYI...

Security issues in Adobe Photoshop CS4 11.0.0
- http://www.adobe.com.../apsb10-10.html
April 30, 2010 - "Critical vulnerabilities have been identified in Photoshop CS4 that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system... Adobe recommends Photoshop CS4 customers update to Photoshop CS4 11.0.1 using the instructions below.
To verify the version of Adobe Photoshop CS4 currently installed, choose Help > About Adobe Photoshop CS4 from the Adobe Photoshop menu bar. To check for updates, choose Help > Updates from the Adobe Photoshop menu bar.
Photoshop CS4 customers can also find the Photoshop CS4 11.0.1 update for Windows or Macintosh here:
Adobe Photoshop CS4 11.0.1 update for Windows
- http://www.adobe.com....jsp?ftpID=4292
Adobe Photoshop CS4 11.0.1 update for Macintosh
- http://www.adobe.com....jsp?ftpID=4291
Note: These issues do not affect Photoshop CS5..."

- http://www.adobe.com...wnloads/new.jsp

Adobe Photoshop CS4 TIFF File Processing vuln - update available
- http://secunia.com/advisories/39711/
Release Date: 2010-05-03
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to Photoshop CS4 11.0.1.

Adobe Photoshop -CS3- TIFF File Processing Vuln
- http://secunia.com/advisories/39709/
Release Date: 2010-05-05
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: -Unpatched-
Solution: Upgrade to a higher version.

:ph34r: :ph34r:

Edited by apluswebmaster, 05 May 2010 - 07:13 AM.



#7 AplusWebMaster


Posted 11 May 2010 - 08:55 PM

FYI...

Shockwave Player v11.5.7.609 released
- http://www.adobe.com.../apsb10-12.html
May 11, 2010 - "... Summary:
Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.6.606 and earlier versions on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.5.6.606 and earlier versions update to Adobe Shockwave Player 11.5.7.609, using the instructions provided below.
Affected software versions: Shockwave Player 11.5.6.606 and earlier versions for Windows and Macintosh
Solution: Adobe recommends users of Adobe Shockwave Player 11.5.6.606 and earlier versions upgrade to the newest version 11.5.7.609, available here:
- http://get.adobe.com/shockwave/
CVE number: CVE-2010-0127, CVE-2010-0128, CVE-2010-0129, CVE-2010-0130, CVE-2010-0986, CVE-2010-0987, CVE-2010-1280, CVE-2010-1281, CVE-2010-1282, CVE-2010-1283, CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1288, CVE-2010-1289, CVE-2010-1290, CVE-2010-1291, CVE-2010-1292
Platform: Windows and Macintosh

Adobe Shockwave Player Multiple Vulnerabilities
- http://secunia.com/advisories/38751/

Hotfixes available for ColdFusion
- http://www.adobe.com.../apsb10-11.html
May 11, 2010 - "... Summary:
Important vulnerabilities have been identified in ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX. The vulnerabilities could lead to cross-site scripting and information disclosure.
Affected software versions: ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX
Solution: Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the following link:
- http://kb2.adobe.com...psid_84102.html
CVE number: CVE-2009-3467, CVE-2010-1293, CVE-2010-1294
Platform: All Platforms ..."

Adobe ColdFusion Cross-Site Scripting and Information Disclosure
- http://secunia.com/advisories/39790/

:ph34r:

Edited by apluswebmaster, 12 May 2010 - 06:38 AM.



#8 AplusWebMaster


Posted 26 May 2010 - 08:13 PM

FYI...

Photoshop CS4 v11.0.2 - security update
- http://www.adobe.com.../apsb10-13.html
May 26, 2010 - "Critical vulnerabilities have been identified in Photoshop CS4 11.0.1 and earlier for Windows and Macintosh that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system... Adobe recommends Photoshop CS4 customers update to Photoshop CS4 11.0.2, which resolves these issues.
Note: None of these issues affect Photoshop CS5.
To verify the version of Adobe Photoshop CS4 currently installed, choose Help > About Adobe Photoshop CS4 from the Adobe Photoshop menu bar. To check for updates, choose Help > Updates from the Adobe Photoshop menu bar.
Photoshop CS4 customers can also find the Photoshop CS4 11.0.2 update for Windows or Macintosh here:
* Adobe Photoshop CS4 11.0.2 update for Windows
- http://www.adobe.com....jsp?ftpID=4713
* Adobe Photoshop CS4 11.0.2 update for Macintosh
- http://www.adobe.com....jsp?ftpID=4712 ..."

- http://secunia.com/advisories/39934/
Release Date: 2010-05-27
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 11.0.2...

- http://web.nvd.nist....d=CVE-2010-1296
Last revised: 05/27/2010

:ph34r:

Edited by apluswebmaster, 28 May 2010 - 05:00 AM.



#9 AplusWebMaster


Posted 10 June 2010 - 06:28 PM

FYI...

Adobe Flash v 10.1.53.64 released
- http://www.adobe.com.../apsb10-14.html
June 10, 2010 - "... Adobe recommends all users of Adobe Flash Player 10.0.45.2 and earlier versions upgrade to the newest version 10.1.53.64* by downloading it from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted... Adobe recommends users of Adobe Flash Player 10.0.45.2 and earlier versions update to Adobe Flash Player 10.1.53.64...
CVE number: CVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189 ...
* http://www.adobe.com...o/instructions/

- http://web.nvd.nist....d=CVE-2010-1297
Last revised: 06/25/2010
CVSS v2 Base Score: 9.3 (HIGH)

Direct download current version - executable Flash Player installer...
- http://fpdownload.ad...h_player_ax.exe
For IE ...
- http://fpdownload.ad...lash_player.exe
For Firefox, other browsers, etc...

Test after install:
- http://www.adobe.com...re/flash/about/

... For users who cannot update to Flash Player 10.1.53.64, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.277.0:
- http://kb2.adobe.com...6/kb406791.html
2010-06-10

- http://atlas.arbor.n...ndex#-151014831
Severity: Extreme Severity
... Exploit code is in circulation in the wild. Adobe has released APSB10-14 to address this issue.
Analysis: This is a key update for all Adobe users, and we encourage all sites to update as soon as possible.

- http://securitytrack...un/1024085.html
Jun 11 2010

- http://secunia.com/advisories/40026/
Last Update : 2010-06-11
Criticality level: Extremely critical
Impact: Cross Site Scripting, System access
Where: From remote ...
Solution: Update to version 9.0.277.0 or 10.1.53.64.

Adobe AIR v2.0.2.12610
- http://get.adobe.com/air/
... http://secunia.com/advisories/40144/
Release Date: 2010-06-11
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote
Solution: Upgrade to version 2.0.2.12610...

- http://www.adobe.com.../apsa10-01.html
Last updated: June 10, 2010 - "... We expect to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29, 2010..."

:ph34r: :ph34r:

Edited by apluswebmaster, 26 June 2010 - 10:54 AM.



#10 AplusWebMaster


Posted 29 June 2010 - 04:44 PM

FYI...

Adobe Reader/Acrobat v9.3.3 released
- http://www.adobe.com.../apsb10-15.html
June 29, 2010 - CVE numbers: CVE-2010-1240, CVE-2010-1285, CVE-2010-1295, CVE-2010-1297, CVE-2010-2168, CVE-2010-2201, CVE-2010-2202, CVE-2010-2203, CVE-2010-2204, CVE-2010-2205, CVE-2010-2206, CVE-2010-2207, CVE-2010-2208, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, CVE-2010-2212
Platform: All Platforms
Summary: Critical vulnerabilities have been identified in Adobe Reader/Acrobat 9.3.2... Adobe recommends users of Adobe Reader/Acrobat 9.3.2 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader/Acrobat 9.3.3. (For Adobe Reader/Acrobat users on Windows and Macintosh, who cannot update to Adobe Reader/Acrobat 9.3.3, Adobe has provided the Adobe Reader/Acrobat 8.2.3 update.)...
Adobe Reader/Acrobat - Users can utilize the product's automatic update feature. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates...

- http://www.adobe.com...wnloads/new.jsp

- http://secunia.com/advisories/40034/
Last Update: 2010-06-30
Criticality level: Extremely critical
Impact: System access
Where: From remote ...
NOTE: The vulnerability is currently being actively exploited...
Solution: Update to version 9.3.3 or 8.2.3.

- http://securitytrack...un/1024159.html
Jun 29 2010

- http://web.nvd.nist....d=CVE-2010-1240
Last revised: 07/02/2010
CVSS v2 Base Score: 9.3 (HIGH)
"... Acrobat 9.x before 9.3.3, and 8.x before 8.2.3..."
- http://isc.sans.edu/...ml?storyid=9112
Last Updated: 2010-07-02 02:43:08 UTC

:!:

Edited by apluswebmaster, 02 July 2010 - 06:37 AM.



#11 AplusWebMaster


Posted 10 August 2010 - 08:33 PM

FYI...

Adobe Flash Player / Adobe AIR - critical updates
- http://www.adobe.com.../apsb10-16.html
August 10, 2010 - "Critical vulnerabilities have been identified in Adobe Flash Player version 10.1.53.64 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Flash Player 10.1.53.64 and earlier versions update to Adobe Flash Player 10.1.82.76. Adobe recommends users of Adobe AIR 2.0.2.12610 and earlier versions update to Adobe AIR 2.0.3.
CVE number: CVE-2010-0209, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216
Affected software versions:
• Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux, and Solaris
• Adobe AIR 2.0.2.12610 and earlier versions for Windows, Macintosh and Linux...
For users who cannot update to Flash Player 10.1.82.76, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.280, which can be downloaded from here*...
Adobe recommends all users of Adobe AIR 2.0.2.12610 and earlier versions update to the newest version 2.0.3 by downloading it from the Adobe AIR Download Center:
- http://get.adobe.com/air/

* http://kb2.adobe.com...6/kb406791.html

Direct download current version - executable Flash Player installer...
- http://fpdownload.ad...h_player_ax.exe
For IE ...
- http://fpdownload.ad...lash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com...re/flash/about/
... should read: "You have version 10,1,82,76 installed"
___

Adobe Flash Media Server - critical update
- http://www.adobe.com.../apsb10-19.html
August 10, 2010
CVE number: CVE-2010-2217, CVE-2010-2218, CVE-2010-2219, CVE-2010-2220
Platform: Windows, Linux ...
___

Hotfix available for ColdFusion
- http://www.adobe.com.../apsb10-18.html
August 10, 2010
Affected software versions: ColdFusion 8.0, 8.0.1, 9.0, 9.0.1 and earlier versions for Windows, Macintosh and UNIX
Solution: Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the technote**...
Severity rating: Adobe categorizes this as an important update...
** http://kb2.adobe.com...psid_85766.html
___

http://www.securityt....com/id?1024313 - Flash Player
http://www.securityt....com/id?1024315 - Flash Media Server
http://www.securityt....com/id?1024314 - ColdFusion
Aug 10 2010

!

Edited by apluswebmaster, 23 August 2010 - 09:40 PM.



#12 AplusWebMaster


Posted 22 August 2010 - 03:22 AM

FYI...

Adobe Reader/Acrobat v9.3.4 released
- http://www.adobe.com.../apsb10-17.html
August 19, 2010
CVE numbers:
- http://web.nvd.nist....d=CVE-2010-2862
- http://web.nvd.nist....d=CVE-2010-1240
Platform: All Platforms
Summary: Critical vulnerabilities have been identified in Adobe Reader 9.3.3 (and earlier versions) for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.3 (and earlier versions) and Adobe Acrobat 8.2.3 (and earlier versions) for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system... Adobe recommends users of Adobe Reader 9.3.3 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.4. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.3.4, Adobe has provided the Adobe Reader 8.2.4 update*.) Adobe recommends users of Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.4. Adobe recommends users of Adobe Acrobat 8.2.3 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.2.4...
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2010-2862).
These updates further mitigate a social engineering attack that could lead to code execution (CVE-2010-1240)...
Users can utilize the product's update mechanism...
* http://www.adobe.com...wnloads/new.jsp

:ph34r:

Edited by apluswebmaster, 22 August 2010 - 07:50 AM.



#13 AplusWebMaster


Posted 25 August 2010 - 05:42 AM

FYI...

Shockwave Player v11.5.8.612 released
- http://www.adobe.com.../apsb10-20.html
August 24, 2010
CVE number: CVE-2010-2863, CVE-2010-2864, CVE-2010-2865, CVE-2010-2866, CVE-2010-2867, CVE-2010-2868, CVE-2010-2869, CVE-2010-2870, CVE-2010-2871, CVE-2010-2872, CVE-2010-2873, CVE-2010-2874, CVE-2010-2875, CVE-2010-2876, CVE-2010-2877, CVE-2010-2878, CVE-2010-2879, CVE-2010-2880, CVE-2010-2881, CVE-2010-2882
Platform: Windows and Macintosh
Summary: Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.7.609 and earlier versions on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.5.7.609 and earlier versions update to Adobe Shockwave Player 11.5.8.612...
Solution: Adobe recommends users of Adobe Shockwave Player 11.5.7.609 and earlier versions upgrade to the newest version 11.5.8.612, available here: http://get.adobe.com/shockwave/ ...

:!:



#14 AplusWebMaster


Posted 20 September 2010 - 02:46 PM

FYI...

Adobe Flash Player v10.1.85.3 released
- http://www.adobe.com.../apsb10-22.html
Sep. 20, 2010 - "A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh... Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player 10.1.92.10 for Android update to Adobe Flash Player 10.1.95.1... Users of Flash Player for Android version 10.1.92.10 and earlier can update to Flash Player version 10.1.95.1 by browsing to the Android Marketplace on an Android phone. For users who cannot update to Flash Player 10.1.85.3, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.283, which can be downloaded here*..."
* http://www.adobe.com/go/kb406791

- http://get.adobe.com/flashplayer/
___

Direct download current version - executable Flash Player installer...
- http://fpdownload.ad...h_player_ax.exe
For IE ...
- http://fpdownload.ad...lash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com...re/flash/about/
... should read: "You have version 10,1,85,3 installed"
___

- http://secunia.com/advisories/41434/
Last updated 2010-09-21
Criticality level: Extremely critical
Solution: Update to version 9.0.283 or 10.1.85.3...

:ph34r:

Edited by apluswebmaster, 21 September 2010 - 07:42 AM.



#15 AplusWebMaster


Posted 05 October 2010 - 07:01 PM

FYI...

Adobe Reader/Acrobat v9.4 update available
- http://www.adobe.com.../apsb10-21.html
October 5, 2010 - "Critical vulnerabilities have been identified in Adobe Reader 9.3.4 (and earlier versions) for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.4 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.4 (and earlier versions) and Adobe Acrobat 8.2.4 (and earlier versions) for Windows and Macintosh... Adobe recommends users of Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.4. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.4, Adobe has provided the Adobe Reader 8.2.5 update.) Adobe recommends users of Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.4. Adobe recommends users of Adobe Acrobat 8.2.4 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.2.5... Adobe Reader Users on Windows and Macintosh can utilize the product's update mechanism..."
CVE Numbers: CVE-2010-2883, CVE-2010-2884, CVE-2010-2887, CVE-2010-2888, CVE-2010-2889, CVE-2010-2890, CVE-2010-3619, CVE-2010-3620, CVE-2010-3621, CVE-2010-3622, CVE-2010-3623, CVE-2010-3624, CVE-2010-3625, CVE-2010-3626, CVE-2010-3627, CVE-2010-3628, CVE-2010-3629, CVE-2010-3630, CVE-2010-3631, CVE-2010-3632, CVE-2010-3656, CVE-2010-3657, CVE-2010-3658
"... Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5..."

- http://www.adobe.com...wnloads/new.jsp
10/5/2010

- http://secunia.com/advisories/41340/
Last Update: 2010-10-06
Criticality level: Extremely critical
Impact: System access ...
"... NOTE: The vulnerability is currently being actively exploited..."
Solution: Update to version 8.2.5 and 9.4...

- http://www.securityt....com/id?1024511
Oct 6 2010

:ph34r:

Edited by AplusWebMaster, 08 October 2010 - 01:46 PM.



#16 AplusWebMaster


Posted 28 October 2010 - 02:30 PM

FYI...

Shockwave v11.5.9.615 released
- http://www.adobe.com.../apsb10-25.html
CVE number: CVE-2010-2581, CVE-2010-2582, CVE-2010-3653, CVE-2010-3655, CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, CVE-2010-4087, CVE-2010-4088, CVE-2010-4089, CVE-2010-4090
October 28, 2010 - "Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems... Adobe recommends users of Adobe Shockwave Player 11.5.8.612 and earlier versions upgrade to the newest version 11.5.9.615, available here:
- http://get.adobe.com/shockwave/ ..."

:ph34r:



#17 AplusWebMaster


Posted 04 November 2010 - 06:00 PM

FYI...

Flash Media Server multiple vulns - update available
- http://secunia.com/advisories/42157/
Release Date: 2010-11-10
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote ...
Solution: Update to Flash Media Server version 3.0.7, 3.5.5, or 4.0.1.
Original Advisory: APSB10-27:
http://www.adobe.com.../apsb10-27.html
CVE-2010-3633, CVE-2010-3634, CVE-2010-3635
___

Flash v10.1.102.64 released
- http://www.adobe.com.../apsa10-05.html
Last updated: November 4, 2010 - "A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android... Adobe recommends... update to Adobe Flash Player 10.1.102.64. For More information, please refer to Security Bulletin APSB10-26*..."
* http://www.adobe.com.../apsb10-26.html
Release date: November 4, 2010
CVE number: CVE-2010-3636, CVE-2010-3637, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976
Platform: All Platforms...
Adobe recommends users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64... users who cannot update to Flash Player 10.1.102.64, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.289.0, which can be downloaded from: http://www.adobe.com/go/kb406791 ..."

- http://www.adobe.com.../apsb10-26.html
Last updated: November 9, 2010 - "... Users of Flash Player for Android version 10.1.95.1 and earlier can update to Flash Player version 10.1.105.6 by browsing to the Android Marketplace on an Android phone*..."
* http://market//detai...obe.flashplayer
___

Direct download current version - executable Flash Player installer...
- http://fpdownload.ad...h_player_ax.exe
For IE ...
- http://fpdownload.ad...lash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com...re/flash/about/
... should read: "You have version 10,1,102,64 installed"
___

- http://www.securityt....com/id?1024685
Nov 5 2010
___

Flash Update plugs 18 security holes
- http://krebsonsecuri...security-holes/
v10.1.102.64 ...

:ph34r: :ph34r:

Edited by AplusWebMaster, 10 November 2010 - 12:11 PM.



#18 AplusWebMaster


Posted 16 November 2010 - 04:14 PM

FYI...

Adobe Reader/Acrobat v9.4.1 released
- http://www.adobe.com.../apsb10-28.html
November 16, 2010 - "Critical vulnerabilities... Adobe recommends users of Adobe Reader 9.4 and earlier versions for Windows and Macintosh update to Adobe Reader 9.4.1, available now. Adobe recommends users of Adobe Reader 9.4 and earlier versions for UNIX update to Adobe Reader 9.4.1, expected to be available on November 30, 2010. Adobe recommends users of Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh update to Adobe Acrobat 9.4.1...
Adobe Reader/Acrobat: Users on Windows and Macintosh can utilize the product's update mechanism..."
CVE numbers:
- http://web.nvd.nist....d=CVE-2010-3654
CVSS v2 Base Score: 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2010-4091
CVSS v2 Base Score: 9.3 (HIGH)

- http://www.adobe.com...wnloads/new.jsp
11/16/2010

:!:

Edited by AplusWebMaster, 16 November 2010 - 04:26 PM.



#19 AplusWebMaster


Posted 19 November 2010 - 07:18 AM

FYI...

Adobe Reader X released
- http://www.adobe.com...tech-specs.html

- http://www.adobe.com...r/features.html

- http://get.adobe.com.../otherversions/

- http://www.adobe.com...cts/reader.html

- http://www.adobe.com...wnloads/new.jsp
11/18/2010

- http://isc.sans.edu/...ml?storyid=9976
Last Updated: 2010-11-19 17:45:42 UTC - "... This is the version of Reader that has sandbox feature built-in, there is now a degree of separation between the OS and the potentially malicious PDF files. The same sandbox mechanism had been implemented in Google Chrome and also MS Office. Containment of the harmful files lessen the damage should a successful attack were to happen..."

- http://en.wikipedia....puter_security)

:ph34r: :!:

Edited by AplusWebMaster, 19 November 2010 - 01:54 PM.



#20 AplusWebMaster


Posted 04 December 2010 - 02:20 AM

FYI...

Adobe Illustrator CS5 v15.0.2 released
- http://www.adobe.com.../apsb10-29.html
December 3, 2010 - Vulnerability identifier: APSB10-29
CVE number: CVE-2010-3152
"An important library-loading vulnerability has been identified in Adobe Illustrator CS5 15.0.1 and earlier on the Windows platform... Adobe recommends Adobe Illustrator CS5 users update their installation using the instructions provided here*...
Severity rating: Adobe categorizes this as a -important- update and recommends that users apply the latest update for their product installation..."
* http://www.adobe.com....jsp?ftpID=4910
"Adobe Illustrator 15.0.2 update addresses a number of issues related to stability, including the following:
PSD files lose saturation of spot colors when imported into AiCS5
Performance problems when guides are set to dot
Acrobat 10 documents with passwords fail to open
Improved precision with DXF import
Links are broken in legacy formats when image name contains Japanese characters for voiced sound marks
Rounded Corner Edges that curved inside flipped to curve outside
Non-Specific Crash when opening or closing files
Security Issues ..."

:ph34r:



#21 AplusWebMaster


Posted 13 December 2010 - 07:37 AM

FYI...

Adobe Photoshop v12.0.2 released
- http://secunia.com/advisories/42492/
Release Date: 2010-12-13
Criticality level: Moderately critical
Impact: Unknown
Where: From remote
Solution Status: Vendor Patch
... The vulnerabilities are reported in versions prior to CS5 12.0.2.
Solution: Update to version CS5 12.0.2...
Original Advisory:
http://www.adobe.com....jsp?ftpID=4893

:ph34r:



#22 AplusWebMaster


Posted 19 December 2010 - 06:26 AM

FYI...

Adobe Photoshop CS5 - Security update
- http://www.adobe.com.../apsb10-30.html
December 17, 2010 - "An important library-loading vulnerability has been identified in Adobe Photoshop CS5 12.0.1 and earlier on the Windows platform. Adobe recommends users update their Adobe Photoshop CS5 installations..."
CVE number: CVE-2010-3127

Adobe Photoshop 12.0.3 update
- http://www.adobe.com....jsp?ftpID=4949
"... Adobe Photoshop 12.0.3 update fixes a number of high priority bugs including tool tips on Windows XP, painting performance and type-related issues. This update is recommended for all Windows users..."

:ph34r:



#23 AplusWebMaster


Posted 08 February 2011 - 05:58 PM

FYI...

Security updates - Adobe Reader and Acrobat
- http://www.adobe.com.../apsb11-03.html
February 8, 2011
CVE Numbers: CVE-2010-4091, CVE-2011-0562, CVE-2011-0563, CVE-2011-0564, CVE-2011-0565, CVE-2011-0566, CVE-2011-0567, CVE-2011-0568, CVE-2011-0570, CVE-2011-0585, CVE-2011-0586, CVE-2011-0587, CVE-2011-0588, CVE-2011-0589, CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0594, CVE-2011-0595, CVE-2011-0596, CVE-2011-0598, CVE-2011-0599, CVE-2011-0600, CVE-2011-0602, CVE-2011-0603, CVE-2011-0604, CVE-2011-0605, CVE-2011-0606
"Critical vulnerabilities have been identified in Adobe Reader X (10.0) for Windows and Macintosh; Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. Risk for Adobe Reader X users is significantly lower, as none of these issues bypass Protected Mode mitigations. Adobe recommends users of Adobe Reader X (10.0) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.0.1), available now. Adobe recommends users of Adobe Reader 9.4.1 for UNIX update to Adobe Reader 9.4.2, expected to be available by the week of February 28, 2011. For users of Adobe Reader 9.4.1 and earlier versions for Windows and Macintosh who cannot update to Adobe Reader X (10.0.1), Adobe has made available updates, Adobe Reader 9.4.2 and Adobe Reader 8.2.6. Adobe recommends users of Adobe Acrobat X (10.0) for Windows and Macintosh update to Adobe Acrobat X (10.0.1). Adobe recommends users of Adobe Acrobat 9.4.1 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.4.2, and users of Adobe Acrobat 8.2.5 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.2.6...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates...
Adobe Acrobat: Users can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates..."

- http://secunia.com/advisories/43207/
Release Date: 2011-02-09
Criticality level: Highly critical
Impact: Cross Site Scripting, Privilege escalation, System access
Where: From remote ...
Solution: Update to version 8.2.6, 9.4.2, or 10.0.1.
___

• Full Download/Updates-Programs/Add-ons...
- http://www.adobe.com...latform=Windows
___

ColdFusion - Hotfix available...
- http://www.adobe.com.../apsb11-04.html
February 8, 2011 - "Important vulnerabilities have been identified in ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. These vulnerabilities could lead to cross-site scripting, Session Fixation, CRLF injection and information disclosure... Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the technote:
- http://kb2.adobe.com...psid_89094.html

- http://secunia.com/advisories/43264/
Release Date: 2011-02-09
Criticality level: Moderately critical
Impact: Cross Site Scripting, Exposure of sensitive information
Where: From remote...
Solution: Apply the Hotfix.
Original Advisory: Adobe (APSB11-04):
http://www.adobe.com.../apsb11-04.html

:ph34r: :ph34r:

Edited by AplusWebMaster, 10 February 2011 - 06:58 AM.



#24 AplusWebMaster


Posted 08 February 2011 - 09:34 PM

FYI...

Adobe Flash Player - Security update
- http://www.adobe.com.../apsb11-02.html
February 8, 2011
CVE Numbers: CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0607, CVE-2011-0608
"Critical vulnerabilities have been identified in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.2.152.26..."

Direct download current version - executable Flash Player installer...
- http://fpdownload.ad...h_player_ax.exe
For IE ...
- http://fpdownload.ad...lash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com...re/flash/about/
... should read: "You have version 10,2,152,26 installed"

- http://secunia.com/advisories/43267/
Release Date: 2011-02-09
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 10.2.152.26.

- http://www.securityt....com/id/1025055
Feb 9 2011
___

Shockwave Player - Security update
- http://www.adobe.com.../apsb11-01.html
February 8, 2011
CVE number: CVE-2010-2587, CVE-2010-2588, CVE-2010-2589, CVE-2010-4092, CVE-2010-4093, CVE-2010-4187, CVE-2010-4188, CVE-2010-4189, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, CVE-2010-4193, CVE-2010-4194, CVE-2010-4195, CVE-2010-4196, CVE-2010-4306, CVE-2010-4307, CVE-2011-0555, CVE-2011-0556, CVE-2011-0557, CVE-2011-0569
"Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.9.615 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.5.9.615 and earlier versions update to Adobe Shockwave Player 11.5.9.620... Adobe recommends users of Adobe Shockwave Player 11.5.9.615 and earlier versions upgrade to the newest version 11.5.9.620, available here:
- http://get.adobe.com/shockwave ..."

- http://www.securityt....com/id/1025056
Feb 9 2011

:ph34r: :ph34r:

Edited by AplusWebMaster, 10 February 2011 - 06:58 AM.



#25 AplusWebMaster


Posted 21 March 2011 - 08:55 PM

FYI...

- http://www.adobe.com.../apsa11-01.html
March 21, 2011 - Updated with information on Security Bulletin APSB11-05 and Security Bulletin APSB11-06

Flash Player v10.2.153.1 released
- http://www.adobe.com.../apsb11-05.html
March 21, 2011 - "A critical vulnerability has been identified in Adobe Flash Player 10.2.152.33 and earlier... Adobe recommends users of Adobe Flash Player 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.18 and earlier versions for Chrome users) for Windows, Macintosh, Linux, and Solaris operating systems update to Adobe Flash Player 10.2.153.1..."

Direct download current version - executable Flash Player installer...
- http://fpdownload.ad...h_player_ax.exe
For IE ...
- http://fpdownload.ad...lash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com...re/flash/about/
... should read: "You have version 10,2,153,1 installed"
___

Adobe Reader, Acrobat updates released
- http://www.adobe.com.../apsb11-06.html
March 21, 2011 - "A critical vulnerability has been identified in the authplay.dll component that ships with Adobe Reader and Acrobat...
> Adobe recommends users of Adobe Reader X (10.0.1) for Macintosh update to Adobe Reader X (10.0.2). For users of Adobe Reader 9.4.2 for Windows and Macintosh, Adobe has made available the update, Adobe Reader 9.4.3...
> Adobe recommends users of Adobe Acrobat X (10.0.1) for Windows and Macintosh update to Adobe Acrobat X (10.0.2). Adobe recommends users of Adobe Acrobat 9.4.2 for Windows and Macintosh update to Adobe Acrobat 9.4.3...
> Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
> Adobe Reader 9.x users on Windows can also find the appropriate update here:
http://www.adobe.com...atform=Windows.
> Adobe Reader users on Macintosh can also find the appropriate update here:
http://www.adobe.com...form=Macintosh.
... Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011..."
___

- http://www.us-cert.g...h_player_update
March 21, 2011
- http://www.us-cert.g...ty_updates_for7
March 22, 2011
___

Adobe AIR ...
- http://www.securityt....com/id/1025238
CVE Reference: http://web.nvd.nist....d=CVE-2011-0609
Date: Mar 22 2011
"... The vendor has issued a fix (2.6)..."
- http://get.adobe.com/air/

:ph34r: :ph34r: :ph34r:

Edited by AplusWebMaster, 22 March 2011 - 03:39 PM.



#26 AplusWebMaster


Posted 15 April 2011 - 01:55 PM

FYI...

Flash Player v10.2.159.1 released
- http://www.adobe.com.../apsb11-07.html
April 15, 2011 - "A critical vulnerability has been identified in Adobe Flash Player 10.2.153.1 and earlier versions... Adobe recommends... update to Adobe Flash Player 10.2.159.1..."

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.
- http://fpdownload.ad...h_player_ax.exe
For IE ...
- http://fpdownload.ad...lash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com...re/flash/about/
... should read: "You have version 10,2,159,1 installed"

:!: :ph34r:

Edited by AplusWebMaster, 15 April 2011 - 03:08 PM.



#27 AplusWebMaster


Posted 21 April 2011 - 02:23 PM

FYI...

Adobe Reader, Acrobat security updates
- http://www.adobe.com.../apsb11-08.html
CVE number: CVE-2011-0611, CVE-2011-0610
April 21, 2011 - "Critical vulnerabilities have been identified in Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems... Adobe recommends users of Adobe Reader X (10.0.2) for Macintosh update to Adobe Reader X (10.0.3). For users of Adobe Reader 9.4.3... update (to) Adobe Reader 9.4.4... Users on Windows and Macintosh can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates...
Adobe Reader 9.x users on Windows can also find the appropriate update here:
- http://www.adobe.com...atform=Windows.
Adobe Reader 10.x and 9.x users on Macintosh can also find the appropriate update here:
- http://www.adobe.com...tform=Macintosh ..."

- http://secunia.com/advisories/44149/
Last Update: 2011-04-22
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2011-0610
- http://web.nvd.nist....d=CVE-2011-0611
Last revised: 05/03/2011
CVSS v2 Base Score: 9.3 (HIGH)
Solution: Update to version 9.4.4 or 10.0.3

- http://www.securityt....com/id/1025434
Apr 22 2011

:!: :ph34r:

Edited by AplusWebMaster, 10 May 2011 - 11:56 AM.



#28 AplusWebMaster


Posted 03 May 2011 - 06:18 AM

FYI...

Adobe Photoshop CS5 12.0.4 released
- http://secunia.com/advisories/44419/
Release Date: 2011-05-03
Criticality level: Moderately critical
Impact: Unknown
Where: From remote ...
Software: Adobe Photoshop CS5 12.x
... The vulnerabilities are reported in versions -prior- to CS5 12.0.4.
Solution: Update to version CS5 12.0.4...
Original Advisory: http://www.adobe.com....jsp?ftpID=4973
"... A number of potential security vulnerabilities have been addressed..."

- http://www.securityt....com/id/1025483
May 4 2011

:!: :ph34r:

Edited by AplusWebMaster, 05 May 2011 - 01:45 AM.



#29 AplusWebMaster


Posted 12 May 2011 - 08:26 PM

FYI...

APSB11-09 – Security update available for RoboHelp (Important Severity)
- http://www.adobe.com.../apsb11-09.html
APSB11-10 – Security update available for Audition (Critical Severity)
- http://www.adobe.com.../apsb11-10.html
APSB11-11 – Security update available for Flash Media Server (FMS) (Critical Severity)
- http://www.adobe.com.../apsb11-11.html
APSB11-12 – Security update available for Flash Player (Critical Severity)
- http://www.adobe.com.../apsb11-12.html
May 12, 2011
CVE number: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619, CVE-2011-0620, CVE-2011-0621, CVE-2011-0622, CVE-2011-0623, CVE-2011-0624, CVE-2011-0625, CVE-2011-0626, CVE-2011-0627*
Platform: All Platforms
"Critical vulnerabilities have been identified... Adobe recommends users of Adobe Flash Player 10.2.159.1 and earlier versions... update to Adobe Flash Player 10.3.181.14..."

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.
- http://fpdownload.ad...h_player_ax.exe
For IE ...
- http://fpdownload.ad...lash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com...re/flash/about/
... should read: "You have version 10,3,181,14 installed"

- http://www.securityt....com/id/1025533
May 13 2011 - "... One of the vulnerabilities [CVE-2011-0627] is being actively exploited on Windows-based systems via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file and delivered via email attachment..."
* http://web.nvd.nist....d=CVE-2011-0627
Last revised: 05/16/2011
CVSS v2 Base Score: 9.3 (HIGH)
"... before 10.3.181.14 on Windows..."
____

Local settings manager (new in desktop only)
- http://www.adobe.com...ures/index.html
"... Flash Player 10.3 integrates control of local storage with the browser's privacy settings... Users can access the Flash Player Settings Manager directly from the Control Panel or System Preferences..."
___

- http://secunia.com/advisories/44480/ - RoboHelp
- http://www.securityt....com/id/1025530 - Audition
- http://secunia.com/advisories/44589/ - Flash Media Server
- http://secunia.com/advisories/44590/ - Flash
Release Date: 2011-05-13
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
Original Advisory: Adobe (APSB11-12):
http://www.adobe.com.../apsb11-12.html

:!:

Edited by AplusWebMaster, 23 May 2011 - 03:38 PM.



#30 AplusWebMaster


Posted 24 May 2011 - 12:00 PM

FYI...

Adobe Photoshop v12.0.4 released
- http://securitytracker.com/id?1025483
Updated: May 23 2011

- http://secunia.com/advisories/44419/
"... vulnerabilities are reported in versions prior to CS5 12.0.4..."

- http://www.adobe.com....jsp?ftpID=4973

- http://web.nvd.nist....d=CVE-2011-2164
Last revised: 05/24/2011
CVSS v2 Base Score: 10.0 (HIGH)

:!: :ph34r:



#31 AplusWebMaster


Posted 05 June 2011 - 11:26 PM

FYI...

Prenotification Security Advisory for Adobe Reader and Acrobat
- http://www.adobe.com.../apsb11-16.html
June 9, 2011 - "Adobe is planning to release updates for Adobe Reader X (10.0.1) for Windows and Adobe Reader X (10.0.3) for Macintosh; Adobe Reader 9.4.3 and earlier versions for Windows and Macintosh; Adobe Acrobat X (10.0.3) for Windows and Macintosh; and Adobe Acrobat 9.4.2 and earlier versions for Windows and Macintosh to resolve critical security issues. Adobe expects to make these updates available on Tuesday, June 14, 2011..."
___

Flash v10.3.181.2x released
- http://www.adobe.com.../apsb11-13.html
Revisions:
June 8, 2011 - Updated with information on Adobe Reader and Acrobat
June 7, 2011 - Updated with information on Android update.
June 5, 2011 - CVE-2011-2107
Summary: An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being actively exploited in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message...
Solution: Adobe recommends all users... update to Adobe Flash Player 10.3.181.22 (10.3.181.23 for ActiveX)..."

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.
- http://fpdownload.ad...h_player_ax.exe
For IE ...
- http://fpdownload.ad...lash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com...re/flash/about/
___

- http://web.nvd.nist....d=CVE-2011-2107
Last revised: 06/09/2011

- http://secunia.com/advisories/44846/
Impact: Cross Site Scripting
Where: From remote...
Solution: Update to Flash Player version 10.3.181.22 (10.3.181.23 for ActiveX).

- http://www.securityt....com/id/1025603
Jun 6 2011 - CVE-2011-2107
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Solution: The vendor has issued a fix (10.3.181.22; 10.3.181.23 for ActiveX; 10.3.185.22 for Android). The Android fix will be available the week of June 6, 2011.

Edited by AplusWebMaster, 09 June 2011 - 08:39 PM.

#32 AplusWebMaster

Posted 14 June 2011 - 06:10 PM

FYI...

Adobe - multiple critical updates

Flash Player- critical update
- http://www.adobe.com.../apsb11-18.html
June 14, 2011 - "A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions... Adobe recommends... update to Adobe Flash Player 10.3.181.26... Note:... does -not- affect the Authplay.dll component that ships with Adobe Reader and Acrobat..."
CVE number: CVE-2011-2110
Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.
- http://fpdownload.ad...h_player_ax.exe
For IE ...
- http://fpdownload.ad...lash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com...re/flash/about/

- http://web.nvd.nist....d=CVE-2011-2110
Last revised: 06/17/2011
CVSS v2 Base Score: 10.0 (HIGH)

- http://secunia.com/advisories/44964/
Release Date: 2011-06-15
Criticality level: Extremely critical...
NOTE: The vulnerability is reportedly being actively exploited in targeted attacks... 10.3.181.23 and earlier...
Solution: Apply updates... (10.3.181.26)...
___

Reader and Acrobat - critical updates
- http://www.adobe.com.../apsb11-16.html
June 14, 2011 - "Critical vulnerabilities have been identified in Adobe Reader X (10.0.1) and earlier versions for Windows, Adobe Reader X (10.0.3) and earlier versions for Macintosh, and Adobe Acrobat X (10.0.3) and earlier...
Adobe recommends users of Adobe Reader X (10.0.3) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1). For users of Adobe Reader 9.4.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1), Adobe has made available updates, Adobe Reader 9.4.5 and Adobe Reader 8.3...
Adobe recommends users of Adobe Acrobat X (10.0.3) for Windows and Macintosh update to Adobe Acrobat X (10.1). Adobe recommends users of Adobe Acrobat 9.4.4 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.4.5, and users of Adobe Acrobat 8.2.6 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.3... Users can utilize the product's update mechanism..."
CVE numbers: CVE-2011-2094, CVE-2011-2095, CVE-2011-2096, CVE-2011-2097, CVE-2011-2098, CVE-2011-2099, CVE-2011-2100, CVE-2011-2101, CVE-2011-2102, CVE-2011-2103, CVE-2011-2104, CVE-2011-2105, CVE-2011-2106
... before 8.3, 9.x before 9.4.5, and 10.x before 10.1...
- http://www.securityt....com/id/1025658
June 14 2011
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network...
Version(s): 8.x - 8.2.6, 9.x - 9.4.4, 10.x - 10.0.3
Solution: The vendor has issued a fix (8.3, 9.4.5, 10.1).
___

Shockwave Player - critical update
- http://www.adobe.com.../apsb11-17.html
June 14, 2011 - "Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.9.620 and earlier versions... Adobe recommends users of Adobe Shockwave Player 11.5.9.620 and earlier versions upgrade to the newest version 11.6.0.626, available here: http://get.adobe.com/shockwave/ "
CVE number: CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2108, CVE-2011-2109, CVE-2011-2111, CVE-2011-2112, CVE-2011-2113, CVE-2011-2114, CVE-2011-2115, CVE-2011-2116, CVE-2011-2117, CVE-2011-2118, CVE-2011-2119, CVE-2011-2120, CVE-2011-2121, CVE-2011-2122, CVE-2011-2123, CVE-2011-2124, CVE-2011-2125, CVE-2011-2126, CVE-2011-2127
___

Hotfix available for ColdFusion
- http://www.adobe.com.../apsb11-14.html
June 14, 2011 - "Important vulnerabilities have been identified in ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. These vulnerabilities could lead to a cross-site request forgery (CSRF) or a remote denial-of-service (DoS). Adobe recommends users update their product...
Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the technote:
- http://kb2.adobe.com...psid_90784.html ..."
CVE number: CVE-2011-0629, CVE-2011-2091
___

LiveCycle Data Services, LiveCycle ES, and BlazeDS - Security update
- http://www.adobe.com.../apsb11-15.html
June 14, 2011 - "Two important security vulnerabilities have been identified in LiveCycle Data Services and BlazeDS. These vulnerabilities affect LiveCycle Data Services 3.1, 2.6.1, 2.5.1 and earlier versions for Windows, Macintosh and UNIX, and LiveCycle 9.0.0.2, 8.2.1.3, 8.0.1.3 and earlier versions for Windows, Linux and UNIX. These vulnerabilities also affect BlazeDS 4.0.1 and earlier versions. Adobe recommends users update their product...
Solution... " Use the URL above for instructions and links.
CVE number: CVE-2011-2092, CVE-2011-2093

Edited by AplusWebMaster, 20 June 2011 - 12:17 PM.

#33 AplusWebMaster

Posted 29 June 2011 - 06:11 AM

FYI...

- http://www.adobe.com/support/security/
No advisory posted - yet. (released in new version of Chrome)
___

Flash Player release notes
> http://www.adobe.com...leasenotes.html
___

Fixes in Flash Player 10.3.181.34
- http://kb2.adobe.com...ain_10.3.181.34
Last updated: 2011-06-27
Jira bugs
[FP-###] denotes bugs that are filed in the Adobe Flash Player Bug and Issue Management System https://bugs.adobe.com/flashplayer
[FP-5317] Flash Player crashes when a high definition video is played in -any- browser (2848668)
[FP-6143] Flash app does not resize properly when wmode=transparent
[FP-6163] During 'Press Esc to exit full screen message' Flash player does not allow to load swf which loads another swf into SWFLoader. (2808217)
[FP-6198] url is being returned escaped in Flash Player 10.2, but wasn't in Flash Player 10.1 (2812702)
[FP-6230] DisplacementMapFilter doesn't work when movie is scaled (2814161)...
Browser...
Chrome: Printing SWFs is not enabled in Google Chrome. We are working with Google to address this issue. (2490502)
Safari: Printing SWFs is not enabled in Safari on Windows platforms. We are investigating this issue with Apple. (2490502)
Firefox: [FP-19322] In Firefox, a FaultEvent returns a status code of zero, ignoring the status returned by the web server (2827551)
Content Hero game at http://www.fishhf.com/ fails to load when using Firefox 3 (2834776)
When using Firefox 4 on Ubuntu Operating System, videos at new.music.yahoo.com fail to play (2840163)
Internet Explorer: [FP-6597] In Internet Explorer, tab navigation may stop working after tabbing to the end of Flash content (2849526)...
___

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.
- http://fpdownload.ad...h_player_ax.exe
For IE ...
- http://fpdownload.ad...lash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com...re/flash/about/

Edited by AplusWebMaster, 31 July 2011 - 06:38 AM.

#34 AplusWebMaster

Posted 09 August 2011 - 08:18 PM

FYI...

> https://www.adobe.co...pport/security/

Flash Player v10.3.183.5 released
- https://www.adobe.co.../apsb11-21.html
Last updated: August 12, 2011
Platform: All platforms
Summary: Critical vulnerabilities have been identified in Adobe Flash Player 10.3.181.36 and earlier versions... upgrade to the newest version 10.3.183.5...

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.
- http://fpdownload.ad...h_player_ax.exe
For IE ...
- http://fpdownload.ad...lash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com...re/flash/about/

CVSS Severity: 10.0 (HIGH)
"... before 10.3.183.5..."
- http://web.nvd.nist....d=CVE-2011-2130
- http://web.nvd.nist....d=CVE-2011-2134
- http://web.nvd.nist....d=CVE-2011-2135
- http://web.nvd.nist....d=CVE-2011-2136
- http://web.nvd.nist....d=CVE-2011-2137
- http://web.nvd.nist....d=CVE-2011-2138
- http://web.nvd.nist....d=CVE-2011-2139
- http://web.nvd.nist....d=CVE-2011-2140
- http://web.nvd.nist....d=CVE-2011-2414
- http://web.nvd.nist....d=CVE-2011-2415
- http://web.nvd.nist....d=CVE-2011-2416
- http://web.nvd.nist....d=CVE-2011-2417
- http://web.nvd.nist....d=CVE-2011-2424 - Last revised: 08/16/2011
- http://web.nvd.nist....d=CVE-2011-2425
___

Adobe AIR v2.7.1 released
- https://krebsonsecur...-shockwave-air/
August 10, 2011 - "... flaws exist in Adobe AIR (before 2.7.1) for Windows, Mac and Android. Using an application that requires Adobe AIR (Tweetdeck or Pandora, for example) should prompt you to update to the latest version, AIR 2.7.1. If you don’t see a prompt to update the program, the latest version of AIR is available here*..."
* http://get.adobe.com/air/
___

Shockwave Player v11.6.1.629 released
- https://www.adobe.co.../apsb11-19.html
August 9, 2011
CVE number: CVE-2010-4308, CVE-2010-4309, CVE-2011-2419, CVE-2011-2420, CVE-2011-2421, CVE-2011-2422, CVE-2011-2423.
Platform: Windows and Macintosh
Summary: Critical vulnerabilities have been identified in Adobe Shockwave Player 11.6.0.626 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system... update to Adobe Shockwave Player 11.6.1.629... earlier versions upgrade to the newest version 11.6.1.629 available here:
- http://get.adobe.com/shockwave/

(Note: You may not have, want, or need Shockwave installed...)
Test Shockwave: https://www.adobe.co...ckwave/welcome/

Flash Media Server v4.0.3 v3.5.7 released
- https://www.adobe.co.../apsb11-20.html
August 9, 2011

Photoshop CS5 and CS5.1 updates available
- https://www.adobe.co.../apsb11-22.html
August 9, 2011

RoboHelp updates available
- https://www.adobe.co.../apsb11-23.html
August 9, 2011

Edited by AplusWebMaster, 17 August 2011 - 07:12 AM.

#35 AplusWebMaster

Posted 25 August 2011 - 09:29 AM

FYI...

Flash Player 10.3 Release Notes
- http://kb2.adobe.com...psid_90194.html

Flash Player v10.3.183.7
- http://kb2.adobe.com...main_10.3.183.7
"Adobe Flash Player 10.3.183.7 addresses compatibility issues:
- Calls to gotoAndPlay() and gotoAndStop() no longer fail in some Flash applications which load shared libraries (2943612).
- TextField instances which specify a negative offset (x property contains a negative value) now correctly flow the text horizontally instead of vertically (2941680).
- Improved performance in some cases when displaying complex animations (2941931).
- MSI versions of the Flash Player Installer now properly install the Native Settings Manager control panel on Windows (2939928).
- Flash applications at certain websites (http://www.justin.tv, http://heylenmichel.de) now load correctly (2939645, 2944081)."
___

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.
- http://fpdownload.ad...h_player_ax.exe
For IE ...
- http://fpdownload.ad...lash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com...re/flash/about/

#36 AplusWebMaster

Posted 13 September 2011 - 09:50 PM

FYI...

Adobe Reader and Acrobat - critical updates
- https://www.adobe.co.../apsb11-24.html
September 13, 2011
CVE numbers: CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442
"Critical vulnerabilities have been identified in Adobe Reader X (10.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.2 and earlier versions for UNIX, and Adobe Acrobat X (10.1) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system...
... Adobe recommends users of Adobe Reader X (10.1) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1.1). For users of Adobe Reader 9.4.5 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.1), Adobe has made available updates, Adobe Reader 9.4.6 and Adobe Reader 8.3.1...
... Adobe recommends users of Adobe Acrobat X (10.1) for Windows and Macintosh update to Adobe Acrobat X 10.1.1. Adobe recommends users of Adobe Acrobat 9.4.5 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.4.6, and users of Adobe Acrobat 8.3 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.3.1...
Note: Support for Adobe Reader 8.x and Acrobat 8.x for Windows and Macintosh will end on November 3, 2011...

Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates ..."
___

- http://h-online.com/-1342490
14 September 2011 - "... version 10.x offers an updated Adobe Approved Trust List (AATL) from which Adobe has removed all DigiNotar certificates. The 9.x versions don't yet dynamically update the AATL; this feature is planned to be included in future versions. Until then, users are advised to manually delete the certificates – Adobe has released instructions* on how to do so..."
* http://blogs.adobe.c...emovalaatl.html
___

- http://www.securityt....com/id/1026044
Sep 13 2011
Impact: Execution of arbitrary code via network, User access via local system, User access via network...
Version(s): 8.x prior to 8.3.1, 9.x prior to 9.4.6, and 10.x prior to 10.1.1...

- https://secunia.com/advisories/45978/
Release Date: 2011-09-14
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, Privilege escalation, System access
Where: From remote
Solution Status: Vendor Patch...

Edited by AplusWebMaster, 15 September 2011 - 07:25 AM.

#37 AplusWebMaster

Posted 21 September 2011 - 03:04 PM

FYI...

Flash Player v10.3.183.10 released
- https://www.adobe.co.../apsb11-26.html
September 21, 2011
CVE number: CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2429, CVE-2011-2430, CVE-2011-2444
Platform: All platforms
Summary: Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 10.3.183.10... Flash Player for Android... update to Adobe Flash Player for Android 10.3.186.7*...
* https://market.andro...ashplayer&hl=en

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.
- http://fpdownload.ad...h_player_ax.exe
For IE ...
- http://fpdownload.ad...lash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com...re/flash/about/

- http://web.nvd.nist....d=CVE-2011-2426
- http://web.nvd.nist....d=CVE-2011-2427
- http://web.nvd.nist....d=CVE-2011-2428
- http://web.nvd.nist....d=CVE-2011-2430
Last revised: 09/22/2011
"... before 10.3.183.10..."
CVSS v2 Base Score: 9.3 (HIGH)

- https://secunia.com/advisories/46113/
Release Date: 2011-09-22
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, System access
Where: From remote...
Original Advisory: Adobe:
http://www.adobe.com.../apsb11-26.html
FortiGuard Labs:
http://www.fortiguar...GA-2011-32.html

- http://www.securityt....com/id/1026084
Sep 22 2011
___

Adobe Reader and Acrobat updated... to 10.1.1, 9.4.6, 8.3.1
- https://www.adobe.co.../apsb11-24.html
Revised: September 21, 2011 - "... These updates also incorporate the Adobe Flash Player updates as noted in Security Bulletin APSB11-21 and Security Bulletin APSB11-26..."
- https://www.adobe.co.../apsb11-21.html
- https://www.adobe.co.../apsb11-26.html
___

- https://www.us-cert....y_advisory_for3
updated September 22, 2011

Edited by AplusWebMaster, 23 September 2011 - 10:04 AM.

#38 AplusWebMaster

Posted 01 October 2011 - 11:13 AM

FYI...

Adobe Photoshop Security Advisory APSA11-03
- https://www.adobe.co.../apsa11-03.html
September 30, 2011
Platform: Windows
"... Critical vulnerabilities exist in Adobe Photoshop Elements 8.0 and earlier versions. These two buffer overflow vulnerabilities (CVE-2011-2443) could cause a crash and potentially allow an attacker to take control of the affected system... Adobe is not aware of any attacks exploiting these vulnerabilities against Adobe Photoshop Elements to date. Photoshop Elements 10 and Photoshop Elements 9 are not vulnerable to this issue. Because Adobe Photoshop 8 and earlier versions are no longer supported, Adobe recommends users upgrade to Photoshop Elements 10 or Photoshop Elements 9..."

- http://web.nvd.nist....d=CVE-2011-2443
Last revised: 10/05/2011
CVSS v2 Base Score: 9.3 (HIGH)
"... Adobe Photoshop Elements 8.0 and earlier..."

> http://www.adobe.com...ments&loc=en_us

> https://www.adobe.co...isplayTab3.html
___

- https://secunia.com/advisories/46277/
Release Date: 2011-10-03
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution: Upgrade to version 10.

Edited by AplusWebMaster, 11 October 2011 - 12:11 PM.

#39 AplusWebMaster

Posted 05 October 2011 - 07:44 AM

FYI...

Flash Player v11.0.1.152 released
- http://kb2.adobe.com...psid_91932.html
October 4, 2011 - "... This release includes new features as well as enhancements and bug fixes related to security, stability, performance and device compatibility..."

New Features in Flash Player 11 and AIR 3
- http://kb2.adobe.com...in_new_features

Known Issues
- http://kb2.adobe.com...in_known_issues

System Requirements - Flash Player 11
- https://www.adobe.co...tech-specs.html
• Internet Explorer 7.0 and above, Mozilla Firefox 4.0 and above, Google Chrome, Safari 5.0 and above, Opera 11...
[Apparently -not- compatible with Firefox v3.6.23, possibly others.]
___

Downloads: https://www.adobe.co...tribution3.html
Flash Player 11 (64 bit)
IE: http://fpdownload.ma...ive_x_64bit.exe
Flash Player 11 (32 bit)
IE: http://fpdownload.ma...ive_x_32bit.exe
Firefox, other Plugin-based browsers: http://fpdownload.ma...lugin_32bit.exe

Flash test site: http://www.adobe.com...re/flash/about/
___

- http://nakedsecurity...ith-brad-arkin/
October 6, 2011 - "... Flash applications will now be able to use SSL socket connections to securely communicate over the network. Flash Player will now provide access to your operating system's cryptography APIs... This enables the use of a proper pseudo-random number generator for instances where greater security is required.
Flash is now available in a 64 bit binary as well, and will take advantage of 64 bit ASLR (Address Space Layout Randomization) where available..."

- http://blogs.adobe.c...ty-updates.html
___

- https://isc.sans.edu...l?storyid=11731
Oct 04 2011

Edited by AplusWebMaster, 07 October 2011 - 01:50 PM.

#40 AplusWebMaster

Posted 21 October 2011 - 08:39 PM

FYI...

Flash click-jacking exploit...
- https://isc.sans.edu...l?storyid=11857
Last Updated: 2011-10-21 - "... a blog post about a vulnerability in Flash that allows for a click jacking attack to turn on the client's camera and microphone. The attack is conceptually similar to the original click jacking attack presented in 2008. Back then Flash adjusted the control panel. The original attack "framed" the entire Flash control page. To prevent the attack, Adobe added frame busting code to the settings page. Feross' attack doesn't frame the entire page, but instead includes just the SWF file used to adjust the settings, bypassing the frame busting javascript in the process.

Update: Adobe fixed the problem. The fix does not require any patches for client side code. Instead, Adobe modified the control page and applet that users load from Adobe's servers. Details from Adobe:
- http://blogs.adobe.c...gs-manager.html
"... We have resolved the issue with a change to the Flash Player Settings Manager SWF file hosted on the Adobe website..."
> http://www.macromedi..._manager06.html
___

- http://blogs.adobe.c...nd-acrobat.html
October 21, 2011 - "The next quarterly security update for Adobe Reader and Acrobat has been rescheduled for January 10, 2012."

Edited by AplusWebMaster, 23 October 2011 - 04:58 PM.
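
The ISC note quoted above turns on one point: a frame-busting script protects only the HTML document that contains it, so a resource loaded into a frame by its own URL never runs that script. The following is an added example, not part of the original post and not Adobe's fix (which changed the hosted SWF itself); it audits each response for its own framing protection, assuming the header-based controls `X-Frame-Options` and CSP `frame-ancestors`, which the quoted text does not mention. All URLs, headers and bodies in it are constructed.

```javascript
// Added example: audit each response for its own framing protection.
// SAMPLE below is constructed; settings.example is a placeholder host.

// Return the frame-ancestors source list from a CSP header value,
// or null when the directive is absent. The first occurrence wins.
function frameAncestors(csp) {
  for (const directive of String(csp || '').split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0 && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// Classify who may frame a response, from its headers alone.
// Returns 'none', 'same-origin', 'allow-list' or 'anyone'.
function framingPolicy(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = value;

  // When frame-ancestors is present it takes precedence over X-Frame-Options.
  const fa = frameAncestors(h['content-security-policy']);
  if (fa !== null) {
    // An empty list matches no ancestor, same as 'none'.
    if (fa.length === 0 || (fa.length === 1 && fa[0] === "'none'")) return 'none';
    if (fa.includes('*')) return 'anyone';
    if (fa.every((s) => s === "'self'")) return 'same-origin';
    return 'allow-list'; // specific hosts or schemes: review the list by hand
  }
  const xfo = String(h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'none';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  return 'anyone'; // absent, invalid, or the obsolete ALLOW-FROM form
}

// Heuristic only: spots the classic "if (top !== self)" style of script.
const FRAME_BUSTER =
  /\btop\s*!==?\s*(?:self|window)\b|\b(?:self|window)\s*!==?\s*top\b|\btop\.location\b/;

// protection is 'header' (enforced by the browser for this URL),
// 'script-only' (relies on in-page script, which a directly framed
// sub-resource never executes) or 'none'.
function classify(resp) {
  const policy = framingPolicy(resp.headers || {});
  if (policy !== 'anyone') return { url: resp.url, policy, protection: 'header' };
  const scripted = typeof resp.body === 'string' && FRAME_BUSTER.test(resp.body);
  return { url: resp.url, policy, protection: scripted ? 'script-only' : 'none' };
}

function auditFraming(responses) {
  return responses.map(classify);
}

// Constructed responses: a settings page guarded only by script, the
// object it embeds (reachable by its own URL), and a hardened variant.
const SAMPLE = [
  {
    url: 'https://settings.example/manager.html',
    headers: { 'Content-Type': 'text/html' },
    body: '<script>if (top !== self) { top.location = self.location; }</script>',
  },
  {
    url: 'https://settings.example/manager.swf',
    headers: { 'Content-Type': 'application/x-shockwave-flash' },
    body: null,
  },
  {
    url: 'https://settings.example/hardened.swf',
    headers: {
      'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
      'X-Frame-Options': 'SAMEORIGIN',
    },
    body: null,
  },
];

for (const row of auditFraming(SAMPLE)) {
  console.log(`${row.protection.padEnd(11)} ${row.policy.padEnd(11)} ${row.url}`);
}
```

The second row is the case the post describes: the page's script never runs for the embedded file, so that file needs its own protection.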

#41 AplusWebMaster

Posted 07 November 2011 - 09:11 PM

FYI...

UNIX Adobe Reader v9.4.6 released
- https://www.adobe.co.../apsb11-24.html
Revisions:
November 7, 2011 - Added information on UNIX version
October 21, 2011 - Changed date of next quarterly security update from December 13, 2011 to new scheduled date of January 10, 2012
September 21, 2011 - Added information on Security Bulletin APSB11-26
September 19, 2011 - Added additional Acknowledgment for CVE-2011-2438
September 13, 2011 - Bulletin released
"... Adobe categorizes these as critical updates... Adobe recommends users of Adobe Reader 9.4.5 and earlier versions for UNIX update to Adobe Reader 9.4.6... Adobe Reader users on UNIX can find the appropriate update here:
ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/ ..."

#42 AplusWebMaster

Posted 08 November 2011 - 08:03 PM

FYI...

Shockwave v11.6.3.633 released
- https://www.adobe.co.../apsb11-27.html
November 8, 2011
CVE number: CVE-2011-2446, CVE-2011-2447, CVE-2011-2448, CVE-2011-2449
Platform: Windows and Macintosh
Summary: Critical vulnerabilities have been identified in Adobe Shockwave Player 11.6.1.629 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.1.629 and earlier versions update to Adobe Shockwave Player 11.6.3.633... available here:
- http://get.adobe.com/shockwave/ ..."
___

- http://www.securityt....com/id/1026288
Date: Nov 8 2011
CVE Reference: CVE-2011-2446, CVE-2011-2447, CVE-2011-2448, CVE-2011-2449
Impact: Execution of arbitrary code via network, User access via network
Version(s): 11.6.1.629 and prior
... The vendor has issued a fix (11.6.3.633)...

- https://secunia.com/advisories/46667/
Release Date: 2011-11-09
Criticality level: Highly critical
Impact: System access
Where: From remote ...
... vulnerabilities are reported in versions 11.6.1.629 and prior.
Solution: Update to version 11.6.3.633...

Edited by AplusWebMaster, 09 November 2011 - 09:08 AM.

#43 AplusWebMaster

Posted 10 November 2011 - 10:04 PM

FYI...

Flash Player v11.1.102.55 || AIR v3.1.0.4880 released
- https://www.adobe.co.../apsb11-28.html
November 10, 2011 - "Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.55. Users of Adobe Flash Player 11.0.1.153 and earlier versions for Android should update to Adobe Flash Player 11.1.102.59 for Android.
Users of Adobe AIR 3.0 for Windows, Macintosh, and Android should update to Adobe AIR 3.1.0.4880...
For users who cannot update to Flash Player 11.1.102.55, Adobe has developed a patched version of Flash Player 10, Flash Player 10.3.183.11*...
Users of Adobe Flash Player 11.0.1.153 and earlier versions for Android should update to Adobe Flash Player 11.1.102.59 for Android by browsing to the Android Marketplace on an Android device."
CVE number: CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460
Platform: All Platforms

Release notes: http://kb2.adobe.com...in_new_features
___

Flash downloads: https://www.adobe.co...tribution3.html
Flash Player 11 (64 bit)
IE: http://fpdownload.ma...ive_x_64bit.exe
Flash Player 11 (32 bit)
IE: http://fpdownload.ma...ive_x_32bit.exe
Firefox, other Plugin-based browsers: http://fpdownload.ma...lugin_32bit.exe
*Flash v10.3.183.11:
IE:
http://download.macr...10_active_x.exe
Firefox v3.6.4, some other browsers:
http://download.macr...h_player_10.exe

Flash test site: http://www.adobe.com...re/flash/about/
___

AIR latest version is available here: http://get.adobe.com/air/
___

- https://secunia.com/advisories/46818/
Release Date: 2011-11-11
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote...
... vulnerabilities are reported in the following products:
* Adobe Flash Player versions 11.0.1.152 and prior for Windows, Macintosh, Linux, and Solaris
* Adobe Flash Player versions 11.0.1.153 and prior for Android
* Adobe AIR versions 3.0 for Windows, Macintosh, and Android
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com.../apsb11-28.html

- http://www.securityt....com/id/1026314
Date: Nov 11 2011
Impact: Execution of arbitrary code via network, User access via network...
Fix Available: Yes...
Version: 11.0.1.152 and prior...

- http://web.nvd.nist....d=CVE-2011-2445
- http://web.nvd.nist....d=CVE-2011-2450
- http://web.nvd.nist....d=CVE-2011-2451
- http://web.nvd.nist....d=CVE-2011-2452
- http://web.nvd.nist....d=CVE-2011-2453
- http://web.nvd.nist....d=CVE-2011-2454
- http://web.nvd.nist....d=CVE-2011-2455
- http://web.nvd.nist....d=CVE-2011-2456
- http://web.nvd.nist....d=CVE-2011-2457
- http://web.nvd.nist....d=CVE-2011-2458
- http://web.nvd.nist....d=CVE-2011-2459
- http://web.nvd.nist....d=CVE-2011-2460
CVSS v2 Base Score: 10.0 (HIGH)
"... Flash Player before 10.3.183.11 and 11.x before 11.1.102.55..."

Edited by AplusWebMaster, 15 November 2011 - 07:37 AM.

#44 AplusWebMaster

Posted 01 December 2011 - 05:30 AM

FYI...

Adobe Flex SDK security update available
- https://www.adobe.co.../apsb11-25.html
CVE number: CVE-2011-2461
Platform: Windows, Macintosh and Linux
November 30, 2011 - "... An important vulnerability has been identified in the Adobe Flex SDK 4.5.1 and earlier 4.x versions and 3.x versions on the Windows, Macintosh and Linux operating systems:
All Web-based (-not- AIR-based) Flex applications built using any release of Flex 3.x (including 3.0, 3.0.1, 3.1, 3.2, 3.3, 3.4, 3.4.1, 3.5, 3.5A and 3.6) may be vulnerable.
Web-based (-not- AIR-based) Flex applications built using any release of Flex 4.x (including 4.0, 4.1, 4.5 and 4.5.1) that were compiled using static linkage of the Flex libraries rather than RSL (runtime shared library) linkage are vulnerable.
Most Flex 4.x applications that were compiled in the default way (specifically, using RSL linkage) are not vulnerable; however, there are rare cases in which they may be vulnerable. To determine whether an application is vulnerable, customers should use the SWF patching tool described in the tech note*.
This vulnerability could lead to cross-site scripting issues in Flex applications. Adobe recommends users of the Adobe Flex SDK 4.5.1 and earlier 4.x versions and 3.x versions update their software, verify whether any SWF files in their applications are vulnerable, and update any vulnerable SWF files using the instructions and tools provided as outlined in the tech note* ..."
* http://www.adobe.com...ecuritytechnote
___

- https://secunia.com/advisories/47053/
Release Date: 2011-12-01
Impact: Cross Site Scripting
Where: From remote
CVE Reference: CVE-2011-2461
Original Advisory: Adobe (APSB11-25):
http://www.adobe.com.../apsb11-25.html
http://kb2.adobe.com...psid_91544.html

- http://www.securityt....com/id/1026361
CVE Reference: http://web.nvd.nist....d=CVE-2011-2461
Date: Dec 1 2011
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information...
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe Flex application, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: ... The vendor recommends that users verify their SWF applications to ensure they are not affected.
The vendor's advisory is available at:
http://www.adobe.com.../apsb11-25.html

Edited by AplusWebMaster, 02 December 2011 - 07:24 AM.

#45 AplusWebMaster

Posted 14 December 2011 - 12:20 AM

FYI...

ColdFusion - hotfix...
- https://www.adobe.co.../apsb11-29.html
December 13, 2011
CVE number: CVE-2011-2463, CVE-2011-4368
"Summary: Important vulnerabilities have been identified in ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. These vulnerabilities could lead to a cross-site scripting attack. Adobe recommends users update their product installation...
Affected software versions: ColdFusion 9.0.1, 9.0, 8.0.1 and 8.0 for Windows, Macintosh and UNIX
Solution: Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the technote:
- http://kb2.adobe.com...psid_92512.html ..."

- http://www.securityt....com/id/1026405
Dec 13 2011


#46 AplusWebMaster

Posted 16 December 2011 - 02:15 PM

FYI...

- https://www.adobe.co.../apsb12-01.html
January 6, 2012 - "Adobe is planning to release updates for Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh to resolve critical security issues. These updates will include fixes for CVE-2011-2462 and CVE-2011-4369... available on Tuesday, January 10, 2012..."
___

Adobe Reader/Acrobat v9.4.7 released
- https://www.adobe.co.../apsb11-30.html
Release date: December 16, 2011
CVE numbers:
* http://web.nvd.nist....d=CVE-2011-2462
- http://web.nvd.nist....d=CVE-2011-4369
CVSS v2 Base Score: 10.0 (HIGH)
"... Reader and Acrobat 9.x before 9.4.7... as exploited in the wild in December 2011..."
"... updates address these vulnerabilities in Adobe Reader and Acrobat 9.x for Windows. Adobe recommends users of Adobe Reader 9.4.6 and earlier... update to Adobe Reader 9.4.7. Adobe recommends users of Adobe Acrobat 9.4.6 and earlier... update to Adobe Acrobat 9.4.7... Users can utilize the product's update mechanism..."
___

- http://www.symantec....eatconlearn.jsp
Updated: Dec 21 - "... For the period of December 8, 2011 through December 20, 2011, Symantec intelligence products have detected a total of -780- attempted exploits of CVE-2011-2462*..."
___

- https://secunia.com/advisories/47133/
Last Update: 2011-12-16
Criticality level: Extremely critical
Solution: Update to version 9.4.7 for Windows. Fixes are scheduled for Adobe Reader/Acrobat X and Adobe Reader for Unix 9.x for January 10, 2012...

- http://h-online.com/-1397440
17 December 2011

Edited by AplusWebMaster, 06 January 2012 - 09:31 PM.

#47 AplusWebMaster

Posted 10 January 2012 - 05:44 PM

FYI...

Adobe Black Tuesday
- https://isc.sans.edu...l?storyid=12364
Last Updated: 2012-01-10 19:38:39 UTC - "Adobe has released 1 bulletin today (Reader & Acrobat: Update to 10.1.2 or 9.5) ...
- http://www.adobe.com.../apsb12-01.html
http://web.nvd.nist....d=CVE-2011-2462 - 10.0 (HIGH)
http://web.nvd.nist....d=CVE-2011-4369 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2011-2470 - 4.3
- http://web.nvd.nist....d=CVE-2011-4371 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2011-4372 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2011-4373 - 7.5 (HIGH)
Critical ... Users can utilize the product's update mechanism... Help > Check for Updates..."

- https://secunia.com/advisories/45852/
Last Update: 2012-01-16
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution: Update to version 9.5 or 10.1.2.

Edited by AplusWebMaster, 16 January 2012 - 11:41 AM.

#48 AplusWebMaster

Posted 14 February 2012 - 08:37 AM

FYI...

Shockwave Player v11.6.4.634 released
- https://www.adobe.co.../apsb12-02.html
Feb 14, 2012
CVE number: CVE-2012-0757, CVE-2012-0758, CVE-2012-0759, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766
- http://web.nvd.nist....iew/vuln/search - (ALL rated CVSS Severity: 10.0 HIGH)
Platform: Windows and Macintosh
Summary: This update addresses critical vulnerabilities in Adobe Shockwave Player 11.6.3.633 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to Adobe Shockwave Player 11.6.4.634
... available here: http://get.adobe.com/shockwave/ .

Security update available for RoboHelp for Word
* https://www.adobe.co.../apsb12-04.html
February 14, 2012
CVE number: CVE-2012-0765
Platform: Windows
Summary: This update addresses an important vulnerability in RoboHelp 9 (or 8) for Word on Windows. A specially crafted URL could be used to create a cross-site scripting attack on Web-based output generated using RoboHelp for Word. Adobe recommends users update their product installation using the instructions (at the URL above*)...

Edited by AplusWebMaster, 20 February 2012 - 05:03 PM.

#49 AplusWebMaster

Posted 15 February 2012 - 06:51 PM

FYI...

Flash Player v11.1.102.62 released
- https://www.adobe.co.../apsb12-03.html
Feb 15, 2012
CVE numbers:
- http://web.nvd.nist....d=CVE-2012-0751
- http://web.nvd.nist....d=CVE-2012-0752
- http://web.nvd.nist....d=CVE-2012-0753
- http://web.nvd.nist....d=CVE-2012-0754
- http://web.nvd.nist....d=CVE-2012-0755
- http://web.nvd.nist....d=CVE-2012-0756
( -ALL- CVSS v2 Base Score: 10.0 HIGH )
- http://web.nvd.nist....d=CVE-2012-0767 - 4.3 Last revised: 02/25/2012
Platform: All Platforms
Summary: This update addresses critical vulnerabilities in Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only). Adobe recommends users of Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.62. Users of Adobe Flash Player 11.1.112.61 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.6. Users of Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.6... For users who cannot update to Flash Player 11.1.102.62, Adobe has developed a patched version of Flash Player 10.x, Flash Player 10.3.183.15...

Download
>> https://www.adobe.co...tribution3.html

- https://market.andro...ashplayer&hl=en
Flash Player Android...
___

- https://secunia.com/advisories/48033/
Release Date: 2012-02-16
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, System access
Where: From remote
... reportedly being actively exploited in targeted attacks.
Original Advisory:
http://www.adobe.com.../apsb12-03.html

- http://www.securityt....com/id/1026694
Date: Feb 16 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network...

Edited by AplusWebMaster, 25 February 2012 - 10:20 AM.

#50 AplusWebMaster

Posted 06 March 2012 - 09:35 AM

FYI...

Flash Player v11.1.102.63 critical update
- https://www.adobe.co.../apsb12-05.html
March 5, 2012
CVE number:
- http://web.nvd.nist....d=CVE-2012-0768 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0769 - 5.0
Platform: All Platforms
Summary: "These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.63. Users of Adobe Flash Player 11.1.115.6 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.7. Users of Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.7... For users who cannot update to Flash Player 11.1.102.63, Adobe has developed a patched version of Flash Player 10.x, Flash Player 10.3.183.16..."
___

Download:

The normal distribution site has been updated to the latest versions (@ 3.06.2012 15:45 EST):
- https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/
___

- https://secunia.com/advisories/48281/
Release Date: 2012-03-06
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote...
Solution: Update to a fixed version...

- http://www.securityt....com/id/1026761
Date: Mar 6 2012
CVE Reference: CVE-2012-0768, CVE-2012-0769
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Version(s): prior to 11.1.102.63; prior to 11.1.111.7 and 11.1.115.7 for Android

Edited by AplusWebMaster, 06 March 2012 - 10:44 PM.
