FYI...
Adobe - multiple critical updates
Flash Player- critical update
- http://www.adobe.com/support/securit...apsb11-18.html
June 14, 2011 - "A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions... Adobe recommends... update to Adobe Flash Player 10.3.181.26... Note:... does -not- affect the Authplay.dll component that ships with Adobe Reader and Acrobat..."
CVE number: CVE-2011-2110
Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.
- http://fpdownload.adobe.com/get/flas..._player_ax.exe
For IE ...
- http://fpdownload.adobe.com/get/flas...ash_player.exe
For Firefox, other browsers, etc...
Flash test site: http://www.adobe.com/software/flash/about/
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2110
Last revised: 06/17/2011
CVSS v2 Base Score: 10.0 (HIGH)
- http://www.securitytracker.com/id/1025651
Jun 14 2011 - CVE-2011-2110
... This vulnerability is being actively exploited via targeted web pages.
Impact: A remote user can create Flash content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix 10.3.181.26*...
- http://secunia.com/advisories/44964/
Release Date: 2011-06-15
Criticality level: Extremely critical...
NOTE: The vulnerability is reportedly being actively exploited in targeted attacks... 10.3.181.23 and earlier...
Solution: Apply updates... (10.3.181.26)...
___
Reader and Acrobat - critical updates
- http://www.adobe.com/support/securit...apsb11-16.html
June 14, 2011 - "Critical vulnerabilities have been identified in Adobe Reader X (10.0.1) and earlier versions for Windows, Adobe Reader X (10.0.3) and earlier versions for Macintosh, and Adobe Acrobat X (10.0.3) and earlier...
Adobe recommends users of Adobe Reader X (10.0.3) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1). For users of Adobe Reader 9.4.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1), Adobe has made available updates, Adobe Reader 9.4.5 and Adobe Reader 8.3...
Adobe recommends users of Adobe Acrobat X (10.0.3) for Windows and Macintosh update to Adobe Acrobat X (10.1). Adobe recommends users of Adobe Acrobat 9.4.4 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.4.5, and users of Adobe Acrobat 8.2.6 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.3... Users can utilize the product's update mechanism..."
CVE numbers: CVE-2011-2094, CVE-2011-2095, CVE-2011-2096, CVE-2011-2097, CVE-2011-2098, CVE-2011-2099, CVE-2011-2100, CVE-2011-2101, CVE-2011-2102, CVE-2011-2103, CVE-2011-2104, CVE-2011-2105, CVE-2011-2106
... before 8.3, 9.x before 9.4.5, and 10.x before 10.1...
- http://www.securitytracker.com/id/1025658
June 14 2011
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network...
Version(s): 8.x - 8.2.6, 9.x - 9.4.4, 10.x - 10.0.3
Solution: The vendor has issued a fix (8.3, 9.4.5, 10.1).
___
Shockwave Player - critical update
- http://www.adobe.com/support/securit...apsb11-17.html
June 14, 2011 - "Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.9.620 and earlier versions... Adobe recommends users of Adobe Shockwave Player 11.5.9.620 and earlier versions upgrade to the newest version 11.6.0.626, available here: http://get.adobe.com/shockwave/ "
CVE number: CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2108, CVE-2011-2109, CVE-2011-2111, CVE-2011-2112, CVE-2011-2113, CVE-2011-2114, CVE-2011-2115, CVE-2011-2116, CVE-2011-2117, CVE-2011-2118, CVE-2011-2119, CVE-2011-2120, CVE-2011-2121, CVE-2011-2122, CVE-2011-2123, CVE-2011-2124, CVE-2011-2125, CVE-2011-2126, CVE-2011-2127
___
Hotfix available for ColdFusion
- http://www.adobe.com/support/securit...apsb11-14.html
June 14, 2011 - "Important vulnerabilities have been identified in ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. These vulnerabilities could lead to a cross-site request forgery (CSRF) or a remote denial-of-service (DoS). Adobe recommends users update their product...
Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the technote:
- http://kb2.adobe.com/cps/907/cpsid_90784.html ..."
CVE number: CVE-2011-0629, CVE-2011-2091
___
LiveCycle Data Services, LiveCycle ES, and BlazeDS - Security update
- http://www.adobe.com/support/securit...apsb11-15.html
June 14, 2011 - "Two important security vulnerabilities have been identified in LiveCycle Data Services and BlazeDS. These vulnerabilities affect LiveCycle Data Services 3.1, 2.6.1, 2.5.1 and earlier versions for Windows, Macintosh and UNIX, and LiveCycle 9.0.0.2, 8.2.1.3, 8.0.1.3 and earlier versions for Windows, Linux and UNIX. These vulnerabilities also affect BlazeDS 4.0.1 and earlier versions. Adobe recommends users update their product...
Solution... " Use the URL above for instructions and links.
CVE number: CVE-2011-2092, CVE-2011-2093