=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2008/VULN438
_____________________________________________________________________

DATE                      : 16/10/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Adobe Flash CS3
                                                       Professional.

======================================================================
http://www.adobe.com/support/security/advisories/apsa08-09.html
______________________________________________________________________

Release date: October 15, 2008

Vulnerability identifier: APSA08-09

CVE number: CVE-2008-4473

Platform: Windows


Summary

Adobe is aware of recently published security issues in Flash CS3
Professional that could potentially cause code execution. These issues
do not affect any version of Flash Player. An attacker would need to
convince a user to open a malicious SWF file to successfully exploit the
issues.


Details

An attacker would need to convince a user to open a malicious SWF file
to successfully exploit the issues. Adobe recommends that developers
exercise caution when receiving unsolicited or suspicious SWF files.
These issues do not affect Flash CS4 Professional. These issues do not
affect the Mac version of Flash CS3 Professional.


Severity Rating

Adobe categorizes this as a critical issue and recommends that
developers exercise caution when receiving unsolicited or suspicious SWF
files.


Acknowledgments

Adobe would like to thank Paul Craig of Security-Assessment.com for
reporting these vulnerabilities and for working with us to help protect
our customers' security.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================