Adobe Flash Player: Multiple vulnerabilities Multiple vulnerabilities have been identified, the worst of which allow arbitrary code execution on a user's system via a malicious Flash file. adobe-flash March 10, 2009 May 28, 2009: 04 239543 251496 260264 remote 10.0.22.87 10.0.22.87

The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content.

Multiple vulnerabilities have been discovered in Adobe Flash Player:

A remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in the execution of arbitrary code with the privileges of the user or a Denial of Service (crash). Furthermore a remote attacker could gain access to sensitive information, disclose memory contents by enticing a user to open a specially crafted PDF file inside a Flash application, modify the victim's clipboard or render it temporarily unusable, persuade a user into uploading or downloading files, bypass security restrictions with the assistance of the user to gain access to camera and microphone, conduct Cross-Site Scripting and HTTP Header Splitting attacks, bypass the "non-root domain policy" of Flash, and gain escalated privileges.

There is no known workaround at this time.

All Adobe Flash Player users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.0.22.87"
CVE-2008-3873 CVE-2008-4401 CVE-2008-4503 CVE-2008-4818 CVE-2008-4819 CVE-2008-4821 CVE-2008-4822 CVE-2008-4823 CVE-2008-4824 CVE-2008-5361 CVE-2008-5362 CVE-2008-5363 CVE-2008-5499 CVE-2009-0114 CVE-2009-0519 CVE-2009-0520 CVE-2009-0521 a3li p-y