martedì 15 giugno 2010

Adobe Flash Player 10.1.53.64


Spesso ci si dimentica di aggiornare i vari plugin per il browser se il loro aggiornamento non viene segnalato dallo stesso, e ci si ritrova cosi con un browser poco sicuro, è questa la situazione in cui ci si può trovare non aggiornando Flash Player che è affetto da 30 vulnerabilità di livello Estremamente Critico.

Ecco l'elenco completo delle vulnerabilità:


1) An error exists in the ActionScript Virtual Machine 2 (AVM2) when handling the "newfunction" instruction. This can be exploited to incorrectly calculate the location of a pointer later used to obtain an object reference, which may result in execution of user-controlled data in memory.

NOTE: This vulnerability is reportedly being actively exploited.

2) An unspecified error can be exploited to exhaust available memory and potentially execute arbitrary code.

3) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code.

4) An array indexing error can be exploited to potentially execute arbitrary code.

5) An unspecified error can be exploited to corrupt heap memory and potentially execute arbitrary code.

6) An unspecified error can be exploited to potentially execute arbitrary code.

7) A use-after-free error when processing an image placed on a linked list can be exploited to potentially execute arbitrary code.

8) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code.

9) Another unspecified error can be exploited to corrupt memory and potentially execute arbitrary code.

10) An error can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code.

11) An error related to the use of a pointer can be exploited to corrupt memory and potentially execute arbitrary code.

12) An integer overflow error can be exploited to corrupt memory and potentially execute arbitrary code.

13) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code.

14) An error related to an invalid pointer can be exploited to potentially execute arbitrary code.

15) Another error related to an invalid pointer can be exploited to potentially execute arbitrary code.

16) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code.

17) A second unspecified error can be exploited to corrupt memory and potentially execute arbitrary code.

18) A third unspecified error can be exploited to corrupt memory and potentially execute arbitrary code.

19) A fourth unspecified error can be exploited to corrupt memory and potentially execute arbitrary code.

20) An error when parsing URLs can be exploited to execute arbitrary script code in a different domain in Firefox and Chrome browsers.

21) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code.

22) An integer overflow error can be exploited to corrupt memory and potentially execute arbitrary code.

23) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code.

24) An integer overflow error can be exploited to corrupt memory and potentially execute arbitrary code.

25) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code.

26) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code.

27) An unspecified error can be exploited to cause a crash or potentially execute arbitrary code.

28) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code.

29) Another unspecified error can be exploited to corrupt memory and potentially execute arbitrary code.

30) An error when running on VMWare systems with VMWare Tools enabled can be exploited to corrupt memory and potentially execute arbitrary code.


Sono stati da poco rilasciati gli aggiornamenti per porre rimedio a queste gravi vulnerabilità, ed ecco i link per aggiornare:

Link per il download: Flash Player per Internet Explorer, Flash Player per Firefox, Opera, Safari
Se per qualche motivo i due link precedenti non dovessero funzionare, cliccate su questo link per visitare il sito di adobe..

Nessun commento:

Posta un commento