NEWS - December 11, 2012
by Carol~ - 12/11/12 11:04 AM
Adobe Patches Memory Flaws in Flash Player and Sandbox Vulnerability in ColdFusion
Adobe's second set of security updates coinciding with Microsoft's monthly patch releases were made available today. The two bulletins include patches for vulnerabilities in Adobe Flash Player and Adobe ColdFusion.
The Flash vulnerabilities for Windows are rated most severe by Adobe and successful exploits could result in crashes, or an attacker being able to remotely execute code.
The three updates fix a buffer overflow vulnerability, integer overflow vulnerability and a memory corruption vulnerability, all three of which could lead to code execution, Adobe said.
The updates are for Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh, Adobe Flash Player 184.108.40.206 and earlier versions for Linux, Adobe Flash Player 220.127.116.11 and earlier versions for Android 4.x, and Adobe Flash Player 18.104.22.168 and earlier versions for Android 3.x and 2.x, the company said.
Adobe added there are no active exploits in the wild for any of these flaws.
The security hotfix for ColdFusion 10, meanwhile, takes care of a sandbox permissions violation in a shared hosting environment, Adobe said in its advisory. ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX, are vulnerable.
Less than a month ago, Adobe issued an out-of-band patch for ColdFusion that patched a denial-of-service vulnerability for the platform running on Microsoft's IIS Web server.