Office Professional Adobe - Security Advisories

Residence Help Security advisories Safety bulletin Flash Participant update obtainable to deal with protection vulnerabilities ,Office 2007 Pro Key
Release date: July ten, 2007

Vulnerability identifier: APSB07-12

CVE amount: CVE-2007-3456, CVE-2007-3457,Office 2010 Download, CVE-2007-2022

Platform: All platforms
Summary
Critical vulnerabilities have already been identified in Adobe Flash Player that can allow an attacker who effectively exploits these prospective vulnerabilities to take management of your affected technique. A malicious SWF need to be loaded in Flash Participant from the person for an attacker to exploit these potential vulnerabilities. Consumers are advised to update for the most present edition of Flash Player accessible for his or her platform.
Impacted computer software variations
Adobe Flash Player 9.0.forty five.0 and previously, 8.0.34.0 and earlier, and 7.0.69.0 and earlier.

To confirm the Adobe Flash Player version range, access the About Flash Participant page, or right-click on Flash content and decide on “About Adobe (or Macromedia) Flash Player” from the menu. In the event you use several browsers, perform the check for each browser you have put in on your program.
Solution
Adobe recommends all users of Adobe Flash Participant nine.0.forty five.0 and before variations upgrade to the newest version nine.0.47.0 (Win,Microsoft Office 2010 Pro Plus, Mac, Solaris) or nine.0.48.0 (Linux), by downloading it from your Participant Download Center,Office Professional, or by utilizing the auto-update mechanism in the product when prompted.

For clients who cannot upgrade to Adobe Flash Participant nine,Windows 7 64bit, Adobe has formulated a patched model of Flash Participant 7. Make sure you refer for the Flash Participant update TechNote.
Severity rating
Adobe categorizes this as a vital issue and recommends impacted consumers upgrade to version 9.0.47.0 (Win, Mac, Solaris) or 9.0.48.0 (Linux).
Details
An input validation error has long been recognized in Flash Player nine.0.forty five.0 and before variations that can result in the possible execution of arbitrary code. This vulnerability could be accessed by means of content material delivered from a remote location by way of the user’s net browser, e mail customer, or other programs that incorporate or reference the Flash Participant. (CVE-2007-3456)

An issue with inadequate validation with the HTTP Referer has become discovered in Flash Player eight.0.34.0 and before. This problem does not influence Flash Player nine. This problem could potentially support an attacker in executing a cross-site request forgery attack. (CVE-2007-3457)

The Linux and Solaris updates for Flash Participant seven (seven.0.70.0) address the issues with Flash Player and the Opera and Konqueror browsers described in Safety Advisory APSA07-03. These concerns do not affect Flash Participant nine on Linux or Solaris. (CVE-2007-2022)
Affected computer software Suggested participant update Availability Flash Player nine.0.45.0 and earlier
nine.0.47.0
Participant Obtain Center
Flash Player nine.0.45.0 and earlier — network distribution
9.0.47.0
Participant Licensing
Flash Participant nine.0.45.0 and before for Linux
9.0.48.0
Player Obtain Center
Flash CS3 Professional
9.0.47.0
Flash Player nine Update for Flash CS3 Professional
Flash Professional eight, Flash Basic
eight.0.35.0
Flash Participant 8 Update for Flash Professional 8, Flash Basic
Flex 2.0
9.0.47.0
Flash Debug Participant Updater
Acknowledgments
Adobe would like to thank Stefano DiPaola, Elia Florio and Giorgio Fedon for reporting the input validation error (CVE-2007-3456) and for working with us to help protect our customers’ protection.

Adobe would like to thank Daiki Fukumori of Secure Sky Technology, Inc. for reporting the HTTP Referer vulnerability (CVE-2007-3457) and for working with us to help protect our customers' security.

Adobe would like to thank Mark Hills for reporting the problems with Flash Player as well as the Opera and Konqueror browsers previously described in Safety Advisory APSA07-03 (CVE-2007-2022) and for working with Opera to help protect our mutual customers' protection.
Revisions
July 10, 2007 — Protection bulletin first created.
Adobe disclaimer License agreement
By making use of software program of Adobe Systems Incorporated or its subsidiaries ("Adobe"); you agree to the following terms and conditions. Should you don't agree with such terms and conditions; tend not to use the application. The terms of an end person license agreement accompanying a particular computer software file upon installation or download of the computer software shall supersede the terms presented below.

The export and re-export of Adobe application products are controlled from the United States Export Administration Regulations and such software may not be exported or re-exported to Cuba; Iran; Iraq; Libya; North Korea; Sudan; or Syria or any country to which the United States embargoes goods. In addition; Adobe computer software may not be distributed to persons on the Table of Denial Orders; the Entity List; or the List of Specially Designated Nationals.
By downloading or employing an Adobe computer software item you are certifying that you are not a national of Cuba; Iran; Iraq; Libya; North Korea; Sudan; or Syria or any country to which the United States embargoes goods and that you are not a person on the Table of Denial Orders; the Entity List; or the List of Specially Designated Nationals.

If the software program is designed for use with an application computer software merchandise (the "Host Application") published by Adobe; Adobe grants you a non-exclusive license to use such software program with the Host Application only; provided you possess a valid license from Adobe for the Host Application. Except as set forth below; such software program is licensed to you subject for the terms and conditions with the End User License Agreement from Adobe governing your use with the Host Application.

DISCLAIMER OF WARRANTIES: YOU AGREE THAT ADOBE HAS MADE NO EXPRESS WARRANTIES TO YOU REGARDING THE Software AND THAT THE Software IS BEING PROVIDED TO YOU "AS IS" WITHOUT WARRANTY OF ANY KIND. ADOBE DISCLAIMS ALL WARRANTIES WITH REGARD For the Software; EXPRESS OR IMPLIED; INCLUDING; WITHOUT LIMITATION; ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE; MERCHANTABILITY; MERCHANTABLE QUALITY OR NONINFRINGEMENT OF THIRD PARTY RIGHTS. Some states or jurisdictions usually do not let the exclusion of implied warranties; so the above limitations may not apply to you.

LIMIT OF LIABILITY: IN NO EVENT WILL ADOBE BE LIABLE TO YOU FOR ANY LOSS OF USE; INTERRUPTION OF BUSINESS; OR ANY DIRECT; INDIRECT; SPECIAL; INCIDENTAL; OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING LOST PROFITS) REGARDLESS With the FORM OF ACTION WHETHER IN CONTRACT; TORT (INCLUDING NEGLIGENCE); STRICT Product LIABILITY OR OTHERWISE; EVEN IF ADOBE Has become ADVISED With the POSSIBILITY OF SUCH DAMAGES. Some states or jurisdictions tend not to permit the exclusion or limitation of incidental or consequential damages; so the above limitation or exclusion may not apply to you.