U.S. Flag Official website of the Department of Homeland Security

Alert (TA09-343A)

Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR

Original release date: December 09, 2009 | Last revised: January 24, 2013

Systems Affected

  • Adobe Flash Player 10.0.32.18 and earlier versions
  • Adobe AIR 1.5.2 and earlier versions

Overview

Adobe has released Security bulletin APSB09-19, which describes vulnerabilities affecting Adobe Flash Player and Adobe AIR.

Description

Adobe Security Bulletin APSB09-19 describes vulnerabilities affecting Adobe Flash Player and Adobe AIR. Flash Player version 10.0.32.18 and earlier versions as well as Adobe AIR versions 1.5.2 and earlier are affected.

An attacker could exploit this vulnerability by convincing a user to visit a website that hosts a specially crafted SWF file. The Adobe Flash browser plugin is available for multiple web browsers and operating systems, any of which could be affected.

Impact

This vulnerability allows a remote attacker to execute arbitrary code as the result of a user viewing a web page.

Solution

Users are encouraged to update Flash Player 10.0.32.18 and earlier versions as well as Adobe AIR 1.5.2 and earlier versions to the latest version.

These vulnerabilities can be mitigated by disabling the Flash plugin or by using the NoScript extension for Mozilla Firefox or SeaMonkey to whitelist websites that can access the Flash plugin. For more information about securely configuring web browsers, please see the Securing Your Web Browser document.

References

Revisions

  • December 09, 2009: Initial release

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top