Adobe pumped out a bunch of security patches on Tuesday, 2013-04-09. Here's the list:
1) Shockwave Player 12.0.2.122
Where to download:
http://get.adobe.com/shockwave/
Adobe Security Bulletin:
http://www.adobe.com/support/security/bulletins/apsb13-12.html
CVE Security Holes Patched:
CVE-2013-1383 - "a buffer overflow vulnerability that could lead to code execution"
CVE-2013-1384, CVE-2013-1386 - "memory corruption vulnerabilities that could lead to code execution"
CVE-2013-1385 - "a memory leakage vulnerability that could be exploited to reduce the effectiveness of address space randomization"
2) Flash Player 11.7.700.169
Where to download:
http://get.adobe.com/flashplayer/
Adobe Security Bulletin:
http://www.adobe.com/support/security/bulletins/apsb13-11.html
CVE Security Holes Patched:
CVE-2013-2555 - "an integer overflow vulnerability that could lead to code execution"
CVE-2013-1378, CVE-2013-1380 - "memory corruption vulnerabilities that could lead to code execution"
CVE-2013-1379 - "a memory corruption vulnerability caused by Flash Player improperly initializing certain pointer arrays, which could lead to code execution"
3) AIR 3.7.0.1530
Where to download:
Adobe Security Bulletin:
http://www.adobe.com/support/security/bulletins/apsb13-11.html
CVE Security Holes Patched (same as Flash Player above):
CVE-2013-2555 - "an integer overflow vulnerability that could lead to code execution"
CVE-2013-1378, CVE-2013-1380 - "memory corruption vulnerabilities that could lead to code execution"
CVE-2013-1379 - "a memory corruption vulnerability caused by Flash Player improperly initializing certain pointer arrays, which could lead to code execution"
4) ColdFusion Security Hotfix APSB13-10
Download and Installation Instructions:
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-10.html
Adobe Security Bulletin:
http://www.adobe.com/support/security/bulletins/apsb13-10.html
CVE Security Holes Patched:
CVE-2013-1387 - "a vulnerability that could be exploited to impersonate an authenticated user"
CVE-2013-1388 - "a vulnerability that could be exploited by an unauthorized user to gain access to the ColdFusion administrator console"
Summary:
Shockwave, Flash and AIR security holes are all related to bad memory management, the usual plague of modern coding.
ColdFusion has two authentication security holes.
Coming Up:
Oracle is scheduled to post a new version of the Java 7 browser plugin on Tuesday, 2013-04-16. Rumor has it that Oracle is holding onto over 50 known security holes in Java 7. Let's see how many they bother to patch this time. I'm not optimistic. :-P