Summary:
A vulnerability has been reported for Adobe Flash Player that allows an attacker to run code on a vulnerable system. This specifically affects Adobe Flash 9.X but may also affect other versions.
At this time, there are no patches for the vulnerability. Instead, Secunia and US-CERT are recommending that users do not browse untrusted websites. Also, US-CERT is recommending that users install and use NoScript for Firefox.
More information may be found here:
http://secunia.com/advisories/30404/
http://www.kb.cert.org/vuls/id/395473
Detail:
From:
http://blogs.zdnet.com/security/?p=1189&tag=nl.e589
http://isc.sans.org/diary.html?storyid=4465
Malware hunters have spotted a previously unknown ? and unpatched ? Adobe Flash vulnerability being exploited in the wild.
The zero-day flaw has been added to the Chinese version of the MPack exploit kit and there are signs that the exploits are being injected into third-party sites to redirect targets to malware-laden servers.
Technical details on the vulnerability are not yet available. Adobe?s product security incident response team is investigating <link expired> .
This SecurityFocus advisory warns <http://www.securityfocus.com/bid/29386/discuss> :
Adobe Flash Player is prone to an unspecified remote code-execution vulnerability.
An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Adobe Flash Player 9.0.115.0 and 9.0.124.0 are vulnerable; other versions may also be affected.