FYI...
Flash Player multiple vulns - updates available
- http://www.adobe.com/support/securit...apsb08-20.html
Release date: November 5, 2008
Vulnerability identifier: APSB08-20
CVE number: CVE-2008-4818, CVE-2008-4819, CVE-2008-4820, CVE-2008-4821, CVE-2008-4822, CVE-2008-4823 ...
Platform: All Platforms
Summary: Potential vulnerabilities have been identified in Adobe Flash Player 9.0.124.0 and earlier that could allow an attacker who successfully exploits these potential vulnerabilities to bypass Flash Player security controls. Adobe recommends users update to the most current version of Flash Player available for their platform. No action is required by customers who have already updated to Flash Player 10.0.12.36. The Flash Player 9.0.151.0 update addresses the issues previously reported in Security Bulletin APSB08-18 in addition to the issues outlined in this Security Bulletin.
Affected software versions: Adobe Flash Player 9.0.124.0 and earlier.
To verify the Adobe Flash Player version number, access the About Flash Player page* ...
* http://www.adobe.com/products/flash/about/
Solution: Adobe recommends all users of Adobe Flash Player 9.0.124.0 and earlier versions upgrade to the newest version 10.0.12.36 by downloading it from the Player Download Center**, or by using the auto-update mechanism within the product when prompted.
** http://www.adobe.com/go/getflashplayer
For users who cannot update to Flash Player 10, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.151.0, which can be downloaded from the following link***.
*** http://www.adobe.com/go/kb406791
Severity rating: Adobe categorizes this as a critical update due to the issues previously outlined in Security Bulletin APSB08-18 and recommends affected users upgrade to version 10.0.12.36...
http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-4818
http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-4819
http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-4820
http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-4821
http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-4822
http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-4823