207 replies to this topic

[AplusWebMaster]

FYI...

Adobe Shockwave Player v11.5.2.602 released
- http://www.adobe.com.../apsb09-16.html
Release date: November 3, 2009
Affected software versions: Shockwave Player 11.5.1.601 and earlier versions
Solution: Adobe recommends Shockwave Player users install Shockwave Player version 11.5.2.602 available here: http://get.adobe.com/shockwave/
Severity rating: Adobe categorizes this as a critical update and recommends that users apply the update for their product installations...
CVE number:
http://web.nvd.nist....d=CVE-2009-3244
http://web.nvd.nist....d=CVE-2009-3463
http://web.nvd.nist....d=CVE-2009-3464
http://web.nvd.nist....d=CVE-2009-3465
http://web.nvd.nist....d=CVE-2009-3466
Platform: Windows and Macintosh

Once again, still ...
- http://voices.washin...x_for_adob.html
"... by default this patch will also try to install Symantec's Norton Security Scan, a clever marketing tool by Symantec that checks to see if you have malware on your system and then prompts you to buy their software to remove any found items. I find the bundling of a serious security update with this otherwise useless tool annoying, and potentially counter-productive... did they borrow the idea from the people pushing rogue anti-virus products (or was it the other way around?) At any rate, if you don't want this extra software, be sure to deselect that option before proceeding with the update."

Test site:
- http://www.adobe.com...ckwave/welcome/

- http://secunia.com/advisories/37214/2/
Release Date: 2009-11-04
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 11.5.2.602...

- http://news.techworl...ve-player-bugs/
"... installed on some 450 million PCs..."

Edited by AplusWebMaster, 05 November 2009 - 01:56 PM.

[AplusWebMaster]

FYI...

Pre-Notification - Security Update for Adobe Flash Player
- http://www.adobe.com.../apsb09-19.html
December 3, 2009 - "Adobe is planning to release an update for Adobe Flash Player 10.0.32.18 and earlier versions, and an update to Adobe AIR 1.5.2 and earlier versions, to resolve critical security issues. Adobe expects to make these updates available on December 8, 2009...
Affected software versions:
Adobe Flash Player 10.0.32.18 and earlier versions
Adobe AIR 1.5.2 and earlier versions
Severity rating: Adobe categorizes these as critical updates."

Also see: Adobe Illustrator
- http://web.nvd.nist....d=CVE-2009-4195

- http://www.adobe.com.../apsa09-06.html
December 07, 2009 - "... Adobe plans to make available an update to Adobe Illustrator to resolve the issue by January 8, 2010. Adobe recommends customers avoid opening .eps files from unknown or untrusted sources in Illustrator until a patch is available..."

Edited by AplusWebMaster, 07 December 2009 - 10:40 PM.

[AplusWebMaster]

FYI...

Flash Player v10.0.42.34 released
- http://www.adobe.com.../apsb09-19.html
December 8, 2009 - "... All Platforms...
Affected software versions:
Adobe Flash Player 10.0.32.18 and earlier versions
Adobe AIR 1.5.2 and earlier versions...
Adobe recommends all users of Adobe Flash Player 10.0.32.18 and earlier versions upgrade to the newest version 10.0.42.34 by downloading it from the Flash Player Download Center or by using the auto-update mechanism within the product when prompted...
CVE numbers: CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800, CVE-2009-3951 ..."

- http://www.adobe.com.../apsb09-19.html
Revisions: December 10, 2009 - Bulletin updated with corrected version numbers in Details section and link to Flash Player 9 under Solution.
"... For users who cannot update to Adobe Flash Player 10, Adobe has developed a patched version of Adobe Flash Player 9, Adobe Flash Player 9.0.260, which can be downloaded from the following link:
http://www.adobe.com/go/kb406791 "

- http://get.adobe.com/flashplayer/
Browser: Firefox, Safari, Opera - install_flash_player.exe

- http://get.adobe.com.../otherversions/
Internet Explorer - install_flash_player_ax.exe

- http://get.adobe.com/air/

- http://secunia.com/advisories/37584/2/
Release Date: 2009-12-09
Critical: Highly critical
Impact: Exposure of system information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Adobe AIR 1.x, Adobe Flash Player 10.x ...
Solution: Update to Flash Player version 10.0.42.34 and AIR version 1.5.3...
Original Advisory: Adobe:
http://www.adobe.com.../apsb09-19.html

Edited by AplusWebMaster, 10 December 2009 - 09:12 PM.

[AplusWebMaster]

FYI...

Adobe Reader v9.3 released
- http://www.adobe.com.../apsb10-02.html
January 12, 2010 - "... Adobe recommends users of Adobe Reader 9.2 and Acrobat 9.2 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3 and Acrobat 9.3. Adobe recommends users of Acrobat 8.1.7 and earlier versions for Windows and Macintosh update to Acrobat 8.2. For Adobe Reader users on Windows and Macintosh who cannot update to Adobe Reader 9.3, Adobe has provided the Adobe Reader 8.2 update. Updates apply to all platforms: Windows, Macintosh and UNIX...
- http://get.adobe.com/reader
CVE numbers: CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957, CVE-2009-3958, CVE-2009-3959, CVE-2009-4324
Platform: All ...
Severity rating:
Adobe categorizes this as a critical update and recommends that users apply the update for their product installations..."

Release notes:
- http://kb2.adobe.com...psid_52073.html

- http://secunia.com/advisories/38138/2/
Release Date: 2010-01-13 - "... Support has ended for Adobe Reader 7.x and Acrobat 7.x on Windows, Macintosh, and UNIX...
Solution: ...Upgrade to version 8.2 or 9.3..."

Edited by AplusWebMaster, 13 January 2010 - 05:17 AM.

[AplusWebMaster]

FYI...

Shockwave v11.5.6.606 released
- http://www.adobe.com.../apsb10-03.html
Release date: January 19, 2010
CVE number: CVE-2009-4002, CVE-2009-4003
Platform: Windows and Macintosh
"... Adobe recommends Shockwave Player users uninstall Shockwave version 11.5.2.602 and earlier on their systems, restart their systems, and install Shockwave version 11.5.6.606, available here: http://get.adobe.com/shockwave/ ... Adobe categorizes this as a critical update and recommends that users apply the update for their product installations..."

- http://secunia.com/advisories/37888/2/
Release Date: 2010-01-20
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Adobe Director 11.x, Adobe Shockwave Player 11.x
Solution: Update to Shockwave version 11.5.6.606.

Edited by AplusWebMaster, 20 January 2010 - 04:30 AM.

[AplusWebMaster]

FYI...

ColdFusion 9.0 vuln
- http://www.adobe.com.../apsb10-04.html
January 29, 2010
- Summary: An important vulnerability (CVE-2010-0185) has been identified in ColdFusion 9.0, which could allow access to collections created by the Solr Service to be accessed from any external machine using a specific URL. Adobe has provided a solution to the reported vulnerability...
- Affected software versions: ColdFusion 9.0
- Solution: Adobe recommends affected ColdFusion customers update their installation using the instructions below:
- http://kb2.adobe.com...psid_80719.html ..."

- http://secunia.com/advisories/38387/2/
Release Date: 2010-02-01
Critical: Moderately critical
Impact: Exposure of sensitive information
Where: From remote
Solution Status: Vendor Workaround
Software: Adobe ColdFusion 9.x
Solution: Follow the vendor's instructions in order to restrict Solr access:
http://kb2.adobe.com...psid_80719.html
Original Advisory:
http://www.adobe.com.../apsb10-04.html

Edited by AplusWebMaster, 01 February 2010 - 04:28 AM.

[AplusWebMaster]

FYI...

Adobe Flash Player Domain Sandbox Bypass Vuln
- http://secunia.com/advisories/38547/
Release Date: 2010-02-12
Criticality level: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: Adobe AIR 1.x, Adobe Flash CS3, Adobe Flash CS4, Adobe Flash Player 10.x, Adobe Flex 3.x
Original Advisory: http://www.adobe.com.../apsb10-06.html
"...Details:
A critical vulnerability has been identified in Adobe Flash Player version 10.0.42.34 and earlier. This vulnerability (CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests. This update also resolves a potential Denial of Service issue (CVE-2010-0187).
Adobe recommends users of Adobe Flash Player 10.0.42.34 and earlier versions update to Adobe Flash Player 10.0.45.2.
- http://get.adobe.com/flashplayer/
*Adobe recommends all users of Adobe AIR version 1.5.3.9120 and earlier update to the newest version 1.5.3.9130..."
- http://get.adobe.com/air/
Revisions: February 12, 2010 - Bulletin updated with corrected version numbers for AIR.*
- http://atlas.arbor.n...ndex#1106299496
February 15, 2010 - "High Severity... Analysis: This is a serious issue that we encourage all sites to schedule an update..."

- http://web.nvd.nist....d=CVE-2010-0186
Last revised: 02/26/2010
Flash Player before 10.0.45.2, AIR before 1.5.3.9130...
CVSS v2 Base Score: 6.8 (MEDIUM)
- http://web.nvd.nist....d=CVE-2010-0187
Last revised: 02/26/2010
Flash Player before 10.0.45.2, AIR before 1.5.3.9130...
CVSS v2 Base Score: 4.3 (MEDIUM)

Adobe Products XML Processing Information Disclosure
- http://secunia.com/advisories/38543/
Release Date: 2010-02-12
Criticality level: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: Adobe BlazeDS 3.x, Adobe ColdFusion 8.x, Adobe ColdFusion 9.x, Adobe ColdFusion MX 7.x, Adobe Flex Data Services 2.x, Adobe LiveCycle 8.x, Adobe LiveCycle 9.x, Adobe LiveCycle Data Services 2.x, Adobe LiveCycle Data Services 3.x
Solution: Apply patches. Please see the vendor's advisory for required installation steps.
Original Advisory: http://www.adobe.com.../apsb10-05.html
"... Summary:
An important vulnerability (CVE-2009-3960) has been identified in BlazeDS 3.2 and earlier versions. When processing incoming requests, XML external entity references and injected tags can result in disclosure of information. This issue affects LiveCycle 9.0, 8.2.1 and 8.0.1, and ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2, which are installed with different versions of Data Services products. Adobe has provided a solution for the reported vulnerability for each affected Adobe product. It is recommended that users update their installations of each affected Adobe product to the latest version using the instructions provided..."

- http://web.nvd.nist....d=CVE-2009-3960
Last revised: 02/26/2010
BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0...
CVSS v2 Base Score: 4.3 (MEDIUM)

Edited by AplusWebMaster, 02 March 2010 - 04:42 PM.

[AplusWebMaster]

FYI...

Adobe Reader/Acrobat critical update released
- http://www.adobe.com.../apsb10-07.html
February 16, 2010 - "... this vulnerability (CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests. In addition, a critical vulnerability (CVE-2010-0188) has been identified that could cause the application to crash and could potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Reader 9.3 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.1. For Adobe Reader users on Windows and Macintosh who cannot update to Adobe Reader 9.3.1, Adobe has provided the Adobe Reader 8.2.1 update.
Adobe recommends users of Adobe Acrobat 9.3 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.1. Adobe recommends users of Acrobat 8.2 and earlier versions for Windows and Macintosh update to Acrobat 8.2.1.
Affected software versions:
Adobe Reader 9.3 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3 and earlier versions for Windows and Macintosh
Solution: Adobe Reader:
Users can utilize the product's automatic update facility. The default installation configuration runs automatic updates on a regular schedule, and can be manually activated by choosing Help > Check For Updates Now.
Adobe Reader users on Windows can find the appropriate update here:
http://www.adobe.com...wnloads/new.jsp .
Adobe Reader users on Macintosh can find the appropriate update here:
http://www.adobe.com...wnloads/new.jsp .
Adobe Reader users on UNIX can find the appropriate update here:
http://www.adobe.com...s/reader/unix9/ (download latest update from 9.3.1 folder)...
Adobe Acrobat:
Users can utilize the product's automatic update facility. The default installation configuration runs automatic updates on a regular schedule, and can be manually activated by choosing Help > Check For Updates Now.
Acrobat Standard and Pro users on Windows can find the appropriate update here:
http://www.adobe.com...wnloads/new.jsp .
Acrobat Pro Extended users on Windows can find the appropriate update here:
http://www.adobe.com...wnloads/new.jsp .
Acrobat 3D users on Windows can find the appropriate update here:
http://www.adobe.com...wnloads/new.jsp .
Acrobat Pro users on Macintosh can find the appropriate update here:
http://www.adobe.com...wnloads/new.jsp .
Severity rating:
Adobe categorizes this as a critical update and recommends that users apply the update ..."

- http://web.nvd.nist....d=CVE-2010-0188
Last revised: 02/26/2010
Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1...
CVSS v2 Base Score: 10.0 (HIGH)

- http://secunia.com/advisories/38551/
Last Update: 2010-02-17
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
Solution Status: Vendor Patch
Software: Adobe Acrobat 3D 8.x, Adobe Acrobat 8 Professional, Adobe Acrobat 8.x, Adobe Acrobat 9.x, Adobe Reader 8.x, Adobe Reader 9.x
Solution: Update to version 8.2.1 or 9.3.1.

- http://blog.trendmic...er-and-acrobat/
Feb. 21, 2010

Edited by AplusWebMaster, 02 March 2010 - 04:20 PM.

[AplusWebMaster]

FYI...

Adobe Download Manager - critical update
- http://www.adobe.com.../apsb10-08.html
February 23, 2010 - "Summary:
A critical vulnerability has been identified in the Adobe Download Manager. This vulnerability (CVE-2010-0189) could potentially allow an attacker to download and install unauthorized software onto a user's system. Users, who have downloaded Adobe Reader for Windows from http://get.adobe.com/reader/ or Adobe Flash Player for Windows from http://get.adobe.com/flashplayer/ prior to the release of this Security Bulletin on February 23, 2010, can verify they are not vulnerable to this Adobe Download Manager issue by following the instructions in the Solution section below.
Affected software versions: Adobe Download Manager on Windows (prior to February 23, 2010)
> Solution:
Users, who have downloaded Adobe Reader for Windows from http://get.adobe.com/reader/ or Adobe Flash Player for Windows from http://get.adobe.com/flashplayer/ prior to the release of this Security Bulletin on February 23, 2010, can verify they are not vulnerable to this Adobe Download Manager issue by following the instructions below:
• Ensure that the C:\Program Files\NOS\ folder and its contents ("NOS files") are not present on your system. (If the folder is present, follow the steps below to remove).
• Click "Start" > "Run" and type "services.msc". Ensure that "getPlus® Helper" is not present in the list of services.
If the NOS files are found, the Adobe Download Manager issue can be mitigated by:
• Navigating to Start > Control Panel > Add or Remove Programs > Adobe Download Manager, and selecting Remove to remove the Adobe Download Manager from your system.
-OR-
• Clicking "Start" > "Run" and typing "services.msc". Then deleting "getPlus® Helper" from the list of services.
• Then delete the C:\Program Files\NOS\ folder and its contents.
This issue is resolved as of February 23, 2010, and no action is required for future downloads of Adobe Reader from http://get.adobe.com/reader/ or Adobe Flash Player from http://get.adobe.com/flashplayer/.
> Severity rating:
Adobe categorizes this as a critical update. Users can remove potentially vulnerable installations of the Adobe Download Manager using the instructions in the Solution section above.
Details:
A critical vulnerability has been identified in the Adobe Download Manager. This vulnerability (CVE-2010-0189) could potentially allow an attacker to download and install unauthorized software onto a user's system.
The Adobe Download Manager is intended for one-time use. The Adobe Download Manager is designed to remove itself from the computer after use at the next computer restart. However, Adobe recommends users verify that a potentially vulnerable version of the Adobe Download Manager is no longer installed on their machine using the instructions in the Solution section above."

- http://web.nvd.nist....d=CVE-2010-0189
Last revised: 03/02/2010
getPlus Download Manager (aka DLM or Downloader) 1.5.2.35...
CVSS v2 Base Score: 10.0 (HIGH)

- http://secunia.com/advisories/38729/
Release Date: 2010-02-24
Criticality level: Highly critical
Impact: System access
Where: From remote
Software: Adobe GetPlus DLM 1.x
Original Advisory: Adobe:
http://www.adobe.com.../apsb10-08.html

- http://blog.trendmic...ad-manager-bug/
Feb. 24, 2010

- http://labs.idefense...play.php?id=856
02.23.10
... DISCLOSURE TIMELINE
06/09/2009 Initial Vendor Notification
06/09/2009 Initial Vendor Reply
02/23/2010 Coordinated Public Disclosure

Edited by AplusWebMaster, 02 March 2010 - 04:19 PM.

[AplusWebMaster]

FYI...

Security Advisory for Adobe Reader and Acrobat
- http://www.adobe.com.../apsb10-09.html
April 8, 2010 = "Adobe is planning to release updates for Adobe Reader 9.3.1 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.1 for Windows and Macintosh, and Adobe Reader 8.2.1 and Acrobat 8.2.1 for Windows and Macintosh to resolve critical security issues. Adobe expects to make these quarterly updates available on April 13, 2010. Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at http://blogs.adobe.com/psirt * ..."

- http://web.nvd.nist....d=CVE-2009-4764
- http://web.nvd.nist....d=CVE-2010-1240
- http://web.nvd.nist....d=CVE-2010-1241

* http://blogs.adobe.c...rterly_s_2.html
April 8, 2010 - "A Security Advisory has been posted in regards to the upcoming Adobe Reader and Acrobat updates scheduled for April 13, 2010. The updates will address critical security issues in the products. This quarterly security update will be made available for Windows, Macintosh and UNIX. With this quarterly update, we are enabling the new updater first shipped in a passive state with the October quarterly security update. For more information, please refer to the Adobe Reader blog**...."

** http://blogs.adobe.c...r_and_acro.html
April 8, 2010

.

Edited by AplusWebMaster, 13 April 2010 - 07:30 AM.

[AplusWebMaster]

FYI...

Security update available for Adobe Reader and Acrobat
- http://www.adobe.com.../apsb10-09.html
April 13, 2010 - "... Adobe recommends users of Adobe Reader 9.3.1 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.2. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.3.2, Adobe has provided the Adobe Reader 8.2.2 update.) Adobe recommends users of Adobe Acrobat 9.3.1 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.2. Adobe recommends users of Acrobat 8.2.1 and earlier versions for Windows and Macintosh update to Acrobat 8.2.2...
... Users can utilize the product's automatic update feature...
... users on Windows/Macintosh can also find the appropriate update here:
- http://www.adobe.com...wnloads/new.jsp
... Unix users here:
- http://www.adobe.com...s/reader/unix9/
(download latest update from 9.3.2 folder)

CVE numbers: CVE-2010-0190, CVE-2010-0191, CVE-2010-0192, CVE-2010-0193, CVE-2010-0194, CVE-2010-0195, CVE-2010-0196, CVE-2010-0197, CVE-2010-0198, CVE-2010-0199, CVE-2010-0201, CVE-2010-0202, CVE-2010-0203, CVE-2010-0204, CVE-2010-1241
Platform: All Platforms

- http://secunia.com/advisories/39272/
Release Date: 2010-04-14
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote
Software: Adobe Acrobat 3D 8.x, Adobe Acrobat 8 Professional, Adobe Acrobat 8.x, Adobe Acrobat 9.x, Adobe Reader 8.x, Adobe Reader 9.x
Solution: Update to version 9.3.2 or 8.2.2.

- http://atlas.arbor.n...index#-69029221
April 20, 2010 - "Analysis: We have seen exploit code used for some of these bugs, most notably with the Zeus botnet. We encourage all sites to update their Adobe PDF viewers immediately to address these issues."

Edited by AplusWebMaster, 21 April 2010 - 05:54 AM.

[AplusWebMaster]

FYI...

Security issues in Adobe Photoshop CS4 11.0.0
- http://www.adobe.com.../apsb10-10.html
April 30, 2010 - "Critical vulnerabilities have been identified in Photoshop CS4 that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system... Adobe recommends Photoshop CS4 customers update to Photoshop CS4 11.0.1 using the instructions below.
To verify the version of Adobe Photoshop CS4 currently installed, choose Help > About Adobe Photoshop CS4 from the Adobe Photoshop menu bar. To check for updates, choose Help > Updates from the Adobe Photoshop menu bar.
Photoshop CS4 customers can also find the Photoshop CS4 11.0.1 update for Windows or Macintosh here:
Adobe Photoshop CS4 11.0.1 update for Windows
- http://www.adobe.com....jsp?ftpID=4292
Adobe Photoshop CS4 11.0.1 update for Macintosh
- http://www.adobe.com....jsp?ftpID=4291
Note: These issues do not affect Photoshop CS5..."

- http://www.adobe.com...wnloads/new.jsp

Adobe Photoshop CS4 TIFF File Processing vuln - update available
- http://secunia.com/advisories/39711/
Release Date: 2010-05-03
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to Photoshop CS4 11.0.1.

Adobe Photoshop -CS3- TIFF File Processing Vuln
- http://secunia.com/advisories/39709/
Release Date: 2010-05-05
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: -Unpatched-
Solution: Upgrade to a higher version.

Edited by AplusWebMaster, 05 May 2010 - 06:14 AM.

[AplusWebMaster]

FYI...

Shockwave Player v11.5.7.609 released
- http://www.adobe.com.../apsb10-12.html
May 11, 2010 - "... Summary:
Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.6.606 and earlier versions on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.5.6.606 and earlier versions update to Adobe Shockwave Player 11.5.7.609, using the instructions provided below.
Affected software versions: Shockwave Player 11.5.6.606 and earlier versions for Windows and Macintosh
Solution: Adobe recommends users of Adobe Shockwave Player 11.5.6.606 and earlier versions upgrade to the newest version 11.5.7.609, available here:
- http://get.adobe.com/shockwave/
CVE number: CVE-2010-0127, CVE-2010-0128, CVE-2010-0129, CVE-2010-0130, CVE-2010-0986, CVE-2010-0987, CVE-2010-1280, CVE-2010-1281, CVE-2010-1282, CVE-2010-1283, CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1288, CVE-2010-1289, CVE-2010-1290, CVE-2010-1291, CVE-2010-1292
Platform: Windows and Macintosh

Adobe Shockwave Player Multiple Vulnerabilities
- http://secunia.com/advisories/38751/

Hotfixes available for ColdFusion
- http://www.adobe.com.../apsb10-11.html
May 11, 2010 - "... Summary:
Important vulnerabilities have been identified in ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX. The vulnerabilities could lead to cross-site scripting and information disclosure.
Affected software versions: ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX
Solution: Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the following link:
- http://kb2.adobe.com...psid_84102.html
CVE number: CVE-2009-3467, CVE-2010-1293, CVE-2010-1294
Platform: All Platforms ..."

Adobe ColdFusion Cross-Site Scripting and Information Disclosure
- http://secunia.com/advisories/39790/

Edited by AplusWebMaster, 12 May 2010 - 05:39 AM.

[AplusWebMaster]

FYI...

Photoshop CS4 v11.0.2 - security update
- http://www.adobe.com.../apsb10-13.html
May 26, 2010 - "Critical vulnerabilities have been identified in Photoshop CS4 11.0.1 and earlier for Windows and Macintosh that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system... Adobe recommends Photoshop CS4 customers update to Photoshop CS4 11.0.2, which resolves these issues.
Note: None of these issues affect Photoshop CS5.
To verify the version of Adobe Photoshop CS4 currently installed, choose Help > About Adobe Photoshop CS4 from the Adobe Photoshop menu bar. To check for updates,
choose Help > Updates from the Adobe Photoshop menu bar.
Photoshop CS4 customers can also find the Photoshop CS4 11.0.2 update for Windows or Macintosh here:
* Adobe Photoshop CS4 11.0.2 update for Windows
- http://www.adobe.com....jsp?ftpID=4713
* Adobe Photoshop CS4 11.0.2 update for Macintosh
- http://www.adobe.com....jsp?ftpID=4712 ..."

- http://secunia.com/advisories/39934/
Release Date: 2010-05-27
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 11.0.2...

- http://web.nvd.nist....d=CVE-2010-1296
Last revised: 05/27/2010

Edited by AplusWebMaster, 28 May 2010 - 04:01 AM.

[AplusWebMaster]

FYI...

Adobe Flash v 10.1.53.64 released
- http://www.adobe.com.../apsb10-14.html
June 10, 2010 - "... Adobe recommends all users of Adobe Flash Player 10.0.45.2 and earlier versions upgrade to the newest version 10.1.53.64* by downloading it from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted... Adobe recommends users of Adobe Flash Player 10.0.45.2 and earlier versions update to Adobe Flash Player 10.1.53.64...
CVE number: CVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189 ...
* http://www.adobe.com...o/instructions/

- http://web.nvd.nist....d=CVE-2010-1297
Last revised: 06/25/2010
CVSS v2 Base Score: 9.3 (HIGH)

Direct download current version - executable Flash Player installer...
- http://fpdownload.ad...h_player_ax.exe
For IE ...
- http://fpdownload.ad...lash_player.exe
For Firefox, other browsers, etc...

Test after install:
- http://www.adobe.com...re/flash/about/

... For users who cannot update to Flash Player 10.1.53.64, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.277.0:
- http://kb2.adobe.com...6/kb406791.html
2010-06-10

- http://atlas.arbor.n...ndex#-151014831
Severity: Extreme Severity
... Exploit code is in circulation in the wild. Adobe has released APSB10-14 to address this issue.
Analysis: This is a key update for all Adobe users, and we encourage all sites to update as soon as possible.

- http://securitytrack...un/1024085.html
Jun 11 2010

- http://secunia.com/advisories/40026/
Last Update : 2010-06-11
Criticality level: Extremely critical
Impact: Cross Site Scripting, System access
Where: From remote ...
Solution: Update to version 9.0.277.0 or 10.1.53.64.

Adobe AIR v2.0.2.12610
- http://get.adobe.com/air/
... http://secunia.com/advisories/40144/
Release Date: 2010-06-11
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote
Solution: Upgrade to version 2.0.2.12610...

- http://www.adobe.com.../apsa10-01.html
Last updated: June 10, 2010 - "... We expect to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29, 2010..."

Edited by AplusWebMaster, 26 June 2010 - 09:53 AM.