Public Safety Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links | Liens de navigation communs

Skip Navigation Links Home > Programs > Response > CCIRC > Analytical releases 2010 > AV10-030: Multiple Vulnerabilities in Adobe Flash Player and AIR

Institutional links

Multiple Vulnerabilities in Adobe Flash Player and AIR

Number: AV10-030
Date: 11 August 2010

Purpose

The purpose of this advisory is to raise awareness of multiple critical vulnerabilities in Adobe Flash Player and Adobe Integrated Runtime (AIR).

Assessment

The following six vulnerabilities have been identified in Adobe Flash and AIR, which could be exploited by attackers to disclose sensitive information or compromise a vulnerable system.

* three unspecified memory corruption errors that could be exploited by attackers to execute arbitrary code via a specially crafted web page
* a memory corruption error in the ActionScript Virtual Machine 1 (AVM1) when processing the ActionPush command
* a memory corruption error within the connect method exposed via the ActionScript native object number 2200
* An unspecified error that could allow click-jacking attacks.

CVE References: CVE-2010-0209, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216

Users can update their Adobe Flash Player via the auto-update mechanism or by downloading it here:
http://get.adobe.com/flashplayer/

For users who cannot update to Flash Player 10.1.82.76, Adobe has developed a patched version of Flash Player 9. It can be downloaded here:

CCIRC recommends that organizations liaise with the administrators/maintainers of the affected products to assess exposure and apply vendor-recommended updates as appropriate.

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca

Date Modified: 2010-08-11
Top of Page
Top of Page
Important Notices