Re: [Flashcoders] security notice: upgrade your flash player
Someone threw me these links about it. http://qoop.org/security/poc/cve-2010-1297/ http://ganjanet.org/flash0day.06092010.tgz (all the files) ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] security notice: upgrade your flash player
Someone threw me these links about it. http://qoop.org/security/poc/cve-2010-1297/ http://ganjanet.org/flash0day.06092010.tgz (all the files) I'm not sure I'd recommend going to the first one of those unless you're running in a VM - it appears to be doing more than just crashing your browser. But it does crash your browser all right. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] security notice: upgrade your flash player
hmm - tried installing, it had the mac version link buried in an 'other systems' section not on the main page. jeez. also had the mcaffe opt-out which sucks. downloaded it (windows XP, safari) and it failed and uninstalled my flash player. never had an issue before with installation. restarted and tried again and it seemed to work. On Thu, Jun 10, 2010 at 11:04 AM, Dave Watts dwa...@figleaf.com wrote: Someone threw me these links about it. http://qoop.org/security/poc/cve-2010-1297/ http://ganjanet.org/flash0day.06092010.tgz (all the files) I'm not sure I'd recommend going to the first one of those unless you're running in a VM - it appears to be doing more than just crashing your browser. But it does crash your browser all right. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] security notice: upgrade your flash player
co...@moock.org wrote: http://www.adobe.com/support/security/advisories/apsa10-01.html So, anyone want to bet what they screwed up this time? Their previous ones was things like signed/unsigned mix ups and so on. The advisory says that it applies to 9 and 10 of the player, but it does not deny that even older player versions may be affected. This means that it is not possible to claim that it is a bug in the new vm. Anyway, if there is one thing that is certain, it is that we wont get any updated content debugging players tomorrow. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
[Flashcoders] security notice: upgrade your flash player
time to upgrade to 10.1... http://www.adobe.com/support/security/advisories/apsa10-01.html === A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. The Flash Player 10.1 Release Candidate available at http://labs.adobe.com/technologies/flashplayer10/ is confirmed not vulnerable. === colin ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders