Vulnerabilities in Adobe Flash Player 8.0.24.0

http://www.adobe.com/support/security/bulletins/apsb06-11.html
(SEP 12, 200)

 ====================== excerpt ====================
Security bulletin 
Multiple Vulnerabilities in Adobe Flash Player 8.0.24.0 and Earlier 
Versions

Release Date: September 12, 2006
[...]

Summary
Critical vulnerabilities have been identified in Flash Player 
8.0.24.0 and earlier versions that could allow an attacker who 
successfully exploits these vulnerabilities to take control of the 
affected system. A malicious SWF file must be loaded in Flash 
Player by the end user for an attacker to exploit these 
vulnerabilities. It is recommended that users update to the most 
current version of Flash Player available for their platform.
[...]
Solution

Adobe recommends all users of Flash Player 8.0.24.0 and earlier 
versions upgrade to the newest version 9.0.16.0 [...]

 [they later recommend version 8.0.33.0. <shrug>]

Severity Rating
Adobe categorizes this as a critical update and recommends affected 
users upgrade to version 9.0.16.0.
[...]
 ==========================================

http://www.adobe.com/support/flashplayer/downloads.html

Mark
9/13/2006 2:59:13 PM

QuickTime too.

Big security fixes for QuickTime, Flash Player:

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1215411,00.html
or
http://makeashorterlink.com/?O16E211CD

-- 
js
john
9/13/2006 4:03:34 PM
On Wed, 13 Sep 2006 10:59:13 -0400, Mark V wrote:

> Adobe recommends all users of Flash Player 8.0.24.0 and earlier 
> versions upgrade to the newest version 9.0.16.0 [...]
> 
>  [they later recommend version 8.0.33.0. <shrug>]

8.0.33.0 seems to be the necessary upgrade to 8.0.24.0 without your
having to move up to version 9.

I have finally found the 8.0.33.0 upgrade (sorry I didn't copy the url,
I was so busy cursing the descendants of the Adobe website designer),
but having done the upgrade, and restarted Firefox, it seems to me that
my Flash security settings have remained as they were (IOW they have not
been overwritten by the upgrade). 
 
> Severity Rating
> Adobe categorizes this as a critical update and recommends affected 
> users upgrade to version 9.0.16.0.

Has anyone used 9.0.16.0 yet ? Any strange delights in store ?

Followup set to techtalk

-- 
RH
Mister
9/13/2006 4:31:33 PM
In grc.news.latestversions Mister Hucker wrote:

> On Wed, 13 Sep 2006 10:59:13 -0400, Mark V wrote:
> 
>> Adobe recommends all users of Flash Player 8.0.24.0 and earlier
>> versions upgrade to the newest version 9.0.16.0 [...]
>> 
>>  [they later recommend version 8.0.33.0. <shrug>]
> 
> 8.0.33.0 seems to be the necessary upgrade to 8.0.24.0 without
> your having to move up to version 9.
> 
> I have finally found the 8.0.33.0 upgrade (sorry I didn't copy
> the url, I was so busy cursing the descendants of the Adobe
> website designer), but having done the upgrade, and restarted

Me too (cursing the fools for "clear as mud" work).

> Firefox, it seems to me that my Flash security settings have
> remained as they were (IOW they have not been overwritten by the
> upgrade). 

Ditto here Win32 NS Plugin 08.24.0 -> 08.33.0

[ ]
> Has anyone used 9.0.16.0 yet ? Any strange delights in store ?

Could you hear me screaming there?  It should have been possible...
I eventually found an actual downloadable pkg. I thought might be 
"easy".  Wrong.
16 MB d/l (flash_player_update2_flash8_win.zip)
unzips to 33MB of various "release" and "debug" files.  

ALL I WANTED WAS A NEW  NPSWF32.dll (1,316,472) and no other crap.  
I lost again...  This is insane.  Thanks (not!) once again Adobe.

Now, what we need (ha ha) is a "Foxit-like" Flash Player...
Mark
9/13/2006 4:48:02 PM
In grc.news.latestversions john .s. smith wrote:

> QuickTime too.
> 
> Big security fixes for QuickTime, Flash Player:
> 
> http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1215411,00.html
> or
> http://makeashorterlink.com/?O16E211CD

When QuickTime Alternative is updated, I will post here.
Mark
9/13/2006 4:48:55 PM
On Wed, 13 Sep 2006 17:31:33 +0100, Mister Hucker  
<Rudolf@example.net> wrote:

> <snip>
>
> 8.0.33.0 seems to be the necessary upgrade to 8.0.24.0 without your
> having to move up to version 9.
>
> I have finally found the 8.0.33.0 upgrade (sorry I didn't copy the url,
> I was so busy cursing the descendants of the Adobe website designer),
> but having done the upgrade, and restarted Firefox, it seems to me that
> my Flash security settings have remained as they were (IOW they have not
> been overwritten by the upgrade).
> <snip>
>
> Has anyone used 9.0.16.0 yet ? Any strange delights in store ?
>
> Followup set to techtalk
>

Uh lots of sites with embedded u-tube videos have no sound, although  
u-tube themselves appear to have upgraded their player to cope.

-- 
Jarvis
Jarvis
9/13/2006 4:49:14 PM
On Wed, 13 Sep 2006 12:48:55 -0400, Mark V wrote:

>In grc.news.latestversions john .s. smith wrote:
>
>> QuickTime too.
>> 
>> Big security fixes for QuickTime, Flash Player:
>> 
>> http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1215411,00.html
>> or
>> http://makeashorterlink.com/?O16E211CD
>
>When QuickTime Alternative is updated, I will post here.

Thanks.

-- 
js
john
9/13/2006 5:08:10 PM
On Wed, 13 Sep 2006 17:31:33 +0100, Mister Hucker wrote:

>Followup set to techtalk

Why does the Flash Player installation require Admin rights yet
Shockwave Flash may be installed from an LUA?

-- 
js
john
9/13/2006 5:50:11 PM
Mister Hucker <Rudolf@example.net> wrote in news:ee9bp6$1ha4$1@news.grc.com:

> On Wed, 13 Sep 2006 10:59:13 -0400, Mark V wrote:
> 
>> Adobe recommends all users of Flash Player 8.0.24.0 and earlier 
>> versions upgrade to the newest version 9.0.16.0 [...]
>> 
>>  [they later recommend version 8.0.33.0. <shrug>]
> 
> 8.0.33.0 seems to be the necessary upgrade to 8.0.24.0 without your
> having to move up to version 9.
> 
> I have finally found the 8.0.33.0 upgrade (sorry I didn't copy the url,
> I was so busy cursing the descendants of the Adobe website designer),
> but having done the upgrade, and restarted Firefox, it seems to me that
> my Flash security settings have remained as they were (IOW they have not
> been overwritten by the upgrade). 
>  
>> Severity Rating
>> Adobe categorizes this as a critical update and recommends affected 
>> users upgrade to version 9.0.16.0.
> 
> Has anyone used 9.0.16.0 yet ? Any strange delights in store ?
> 
> Followup set to techtalk

I've been using 9.0.16.0 since its release and not noticed anything untoward.
Fuzzy
9/13/2006 6:09:54 PM
Also don't forget about the latest Macromedia Flash Player v7 upgrade for
OS's that do not support Flash Player 8 - such as those that still use W98
or whatever else...

This link gives downloads to update their v7 to the latest Flash Player
version 7r68 which incorporates the latest fix for the vulnerability Mark
mentioned

http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=d9c2fe33

Rick
Rick
9/15/2006 12:04:59 PM
Mark V wrote:
> http://www.adobe.com/support/flashplayer/downloads.html

Hi!

I visited the above URL with Firefox, was greeted by a page with a link 
to an installer for Firefox, Mozilla, Netscape, Opera, and CompuServe:
<http://fpdownload.macromedia.com/get/flashplayer/current/install_flash_player.exe>
When following that link I got a 404... I have tried every now and then 
for ten days now.

In IE, on the other hand, everything seems to work.

Is it just me who can't get the installer for Firefox?

/Martin Leben
Martin
9/23/2006 10:00:27 AM
Martin Leben writes:

> Is it just me who can't get the installer for Firefox?

It worked for me just now. Are you running a proxy or filtering 
application of any kind?  Firewall?  Extensions?
Dennis
9/23/2006 10:26:25 AM
Dennis Henderson wrote:
> Martin Leben writes:
> 
>> Is it just me who can't get the installer for Firefox?
> 
> It worked for me just now. Are you running a proxy or filtering 
> application of any kind?  Firewall?  Extensions?

- No proxy. No filter. Just a NAT between me and the net.
- Extensions: Tab Mix Plus, RefControl and NoScript.
- RefControl is turned off for the domain <fpdownload.macromedia.com>, 
so it sees the full referrer 
<http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash>.
- Allowing JavaScripts on <www.adobe.com>.
- Allowing all cookies (while testing this).

Well... It seems that I could get it with Firefox on another computer that is 
"extension-free". Don't know why, but... *shrugs*

Thanks anyway!

/Martin
Martin
9/23/2006 3:11:55 PM