===================================================================== CERT-Renater Note d'Information No. 2006/VULN090 _____________________________________________________________________ DATE : 16/03/2006 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Flash Player, Adobe Graphics Server, Adobe Document Server ====================================================================== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Adobe Security Bulletin: - Flash Player - Adobe Graphics Server and Adobe Document Server ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ APSB06-03 ¿ Flash Player Update to Address Security Vulnerabilities Originally posted: March 14, 2006 Summary: Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform Severity Rating: Adobe categorizes this issue as critical and recommends that users apply this workaround to their installations: http://www.adobe.com/support/security/severity_ratings.html Learn more: http://www.macromedia.com/go/apsb06-03/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ APSB06-04 - Adobe Graphics Server and Adobe Document Server configuration security vulnerability Originally posted: March 14, 2006 Summary: Adobe has been made aware of a potential security vulnerability in the recommended configuration of Adobe Graphics Server and Adobe Document Server on the Windows operating system. This potential security vulnerability might enable execution of code on servers that are accessed through interactive logon. Severity Rating: Adobe categorizes this issue as moderate and recommends that users apply this workaround to their installations: http://www.adobe.com/support/security/severity_ratings.html Learn more: http://www.adobe.com/support/techdocs/332989.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ANY INFORMATION, PATCHES, DOWNLOADS, WORKAROUNDS, OR FIXES PROVIDED BY ADOBE IN THIS BULLETIN ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. ADOBE AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED OR OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO WARRANTY OF NON-INFRINGEMENT, TITLE, OR QUIET ENJOYMENT. (USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. IN NO EVENT SHALL ADOBE, INC. OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, COVER, LOSS OF PROFITS, BUSINESS INTERRUPTION, OR THE LIKE, OR LOSS OF BUSINESS DAMAGES, BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADOBE, INC. OR ITS SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE EXCLUSION OR LIMITATION MAY NOT APPLY TO YOU AND YOU MAY ALSO HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE. Adobe reserves the right, from time to time, to update the information in this document with current information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is a security message from Adobe Systems Incorporated, its subsidiaries, and affiliates ("Adobe"), 345 Park Avenue, San Jose, CA 95110 USA. If you would prefer not to receive e-mail like this from Adobe in the future, please respond to this email and include ¿Unsubscribe¿ in the subject line or send an e-mail to: direct@adobesystems-macromedia.com Your privacy is important to us. Please review Adobe's online Privacy Policy by clicking here: http://www.adobe.com/misc/privacy.html ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================