VULNERABILITIES / FIXES - March 29, 2012
by Carol~ - 3/29/12 6:51 AM
Adobe Flash Player / AIR Two Vulnerabilities
Release Date : 2012-03-29
Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch
Software : Adobe AIR 3.x, Adobe Flash Player 11.x
Two vulnerabilities have been reported in Adobe Flash Player and Adobe AIR, which can be exploited by malicious people to compromise a user's system.
1) An error within an ActiveX Control when checking the URL security domain can be exploited to corrupt memory.
NOTE: This vulnerability affects Windows Vista and Windows 7 only.
2) An unspecified error within the NetStream class can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
The vulnerabilities are reported in the following versions:
* Adobe Flash Player versions 220.127.116.11 and prior for Windows, Macintosh, Linux, and Solaris.
* Adobe Flash Player versions 18.104.22.168 and prior for Android 3.x and 2.x.
* Adobe AIR versions 22.214.171.12480 and prior for Windows, Macintosh, and Android.
Update to a fixed version.
Provided and/or discovered by:
The vendor credits:
1) Microsoft Vulnerability Research (MSVR)
2) An anonymous person via ZDI