blob: eff012faba908a183d53c84065f8f6f744659f37 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200610-02">
<title>Adobe Flash Player: Arbitrary code execution</title>
Multiple input validation errors have been identified that allow arbitrary
code execution on a user's system via the handling of malicious Flash
<product type="ebuild">Flash</product>
<announced>October 04, 2006</announced>
<revised>May 28, 2009: 02</revised>
<package name="www-plugins/adobe-flash" auto="yes" arch="*">
<unaffected range="ge">7.0.68</unaffected>
<vulnerable range="lt">7.0.68</vulnerable>
The Adobe Flash Player is a renderer for Flash files - commonly used to
provide interactive websites, digital experiences and mobile content.
The Adobe Flash Player contains multiple unspecified vulnerabilities.
<impact type="normal">
An attacker could entice a user to view a malicious Flash file and
execute arbitrary code with the rights of the user running the player.
There is no known workaround at this time.
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=www-plugins/adobe-flash-7.0.68&quot;</code>
<uri link="">Adobe Security Bulletin</uri>
<uri link="">CVE-2006-3311</uri>
<uri link="">CVE-2006-3587</uri>
<uri link="">CVE-2006-3588</uri>
<metadata tag="requester" timestamp="Sat, 30 Sep 2006 20:50:53 +0000">
<metadata tag="submitter" timestamp="Sun, 01 Oct 2006 12:49:26 +0000">
<metadata tag="bugReady" timestamp="Sun, 01 Oct 2006 12:51:08 +0000">