Users are recommended to update to the most current version of Flash Player available for their platform.
#ADOBE FLASH PLAYER 9 PROBLEMS SOFTWARE#Īffected software versionsĪdobe Flash Player 9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier. To verify the Adobe Flash Player version number, access the About Flash Player page, or right-click on Flash content and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
SolutionĪdobe recommends all users of Adobe Flash Player 9.0.45.0 and earlier versions upgrade to the newest version 9.0.47.0 (Win, Mac, Solaris) or 9.0.48.0 (Linux), by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted.įor customers who cannot upgrade to Adobe Flash Player 9, Adobe has developed a patched version of Flash Player 7. Please refer to the Flash Player update TechNote. Severity ratingĪdobe categorizes this as a critical issue and recommends affected users upgrade to version 9.0.47.0 (Win, Mac, Solaris) or 9.0.48.0 (Linux). DetailsĪn input validation error has been identified in Flash Player 9.0.45.0 and earlier versions that could lead to the potential execution of arbitrary code. This vulnerability could be accessed through content delivered from a remote location via the user’s web browser, email client, or other applications that include or reference the Flash Player. (CVE-2007-3456)Īn issue with insufficient validation of the HTTP Referer has been identified in Flash Player 8.0.34.0 and earlier. This issue does not affect Flash Player 9. This issue could potentially aid an attacker in executing a cross-site request forgery attack.
The Linux and Solaris updates for Flash Player 7 (7.0.70.0) address the issues with Flash Player and the Opera and Konqueror browsers described in Security Advisory APSA07-03. These issues do not impact Flash Player 9 on Linux or Solaris. (CVE-2007-2022) Affected softwareįlash Player 9.0.45.0 and earlier network distributionįlash Player 9.0.45.0 and earlier for Linuxįlash Player 9 Update for Flash CS3 Professionalįlash Player 8 Update for Flash Professional 8, Flash BasicĪdobe would like to thank Stefano DiPaola, Elia Florio and Giorgio Fedon for reporting the input validation error (CVE-2007-3456) and for working with us to help protect our customers’ security.Īdobe would like to thank Daiki Fukumori of Secure Sky Technology, Inc. #ADOBE FLASH PLAYER 9 PROBLEMS SOFTWARE#.#ADOBE FLASH PLAYER 9 PROBLEMS UPGRADE#.