ITS Homepage Click here for text version of ITS homepage
Contact UAlbany Directories Calendars & Schedules Visitors Site Index Search
Admissions Academics Research IT Services Libraries Athletics
alerts_tag
*UNPATCHED* Vulnerability in Adobe Flash Player


ALARM Group ALERT - click for a description of ALARM, The Computing Alert System


Alert Number: 052708-01
Alert Date: 05/27/08
Alert Title: *UNPATCHED* Vulnerability in Adobe Flash Player
Update-to: None.
OS/Platform/Application:

Adobe Flash Player - all versions on all browsers potentially vulnerable

Category: ALERT
Severity: HIGH
Attention: Flash Users, System Administrators, Desktop Support Personnel.

Summary: Internet Security resources are currently reporting the recent discovery of a vulnerability in Adobe systems' popular Flash Media player.  The most likely method of exploitation would be the visitation of a website that is hosting a maliciously-crafted SWF ('Shockwave flash') media file*.  Successful exploitation of this vulnerability could result in complete takeover of a vulnerable computer.  At the time of this writing (12:00 PM 5/27/08) No patch has yet been made available from the vendor to address this vulnerability and security resources are stating that the vulnerability is already being actively exploited on the Internet.

*SWF or 'Shockwave Flash' is a technology used to insert animations, movies, sounds etc into web pages.  In some cases, an SWF movie or animation will play automatically when a browser visits a web page.  Some advertisements (popup or otherwise) found on web pages use SWF to immediately play content when a user visits a website even if he/she is not visiting the website with the intention of viewing any type of movie or media file.  The automatic nature of this media-playing technology increases the potential danger to users when security vulnerabilities and exploits are made available to malicious software users.

Recommended Actions:   Users, System Administrators, and Support Personnel are strongly encouraged to use extreme caution when browsing unfamiliar, untrusted, or media-intensive websites that may host SWF movies or similar files.  Please note that this vulnerability may affect ALL browser types.  Users of Firefox (and variants of Firefox) may wish to consider using the 'Flashblock' plugin that can help to stop the automatic playing of SWF files.  Users are urged to apply the updated version of Flash Player as soon as it is made available from Adobe Systems.

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: N/A

Resources:

FrSIRT Advisory:
http://www.frsirt.com/english/advisories/2008/1662

Mozdev 'Flashblock' page (for users of Firefox, Netscape, etc):
http://flashblock.mozdev.org/
 

BLANKABCDEFGHIJKLMBLANK
BLANKNOPQRSTUVWXYZBLANK
CHOOSE FROM the ITS Site Index

GO TO an ITS Group

Information Technology Services
University at Albany, SUNY
1400 Washington Avenue
Albany, NY 12222
ITS Service Centers:  518-442-4000
  		University at Albany Home Page
Contact UAlbany | Directories | Calendars | Visitors | Site Index | Search
Admissions | Academics | Research | IT Services | Libraries | Athletics
Internet Privacy Policy              IT Policies