Title: Adobe Flash FLA File Processing Remote Code Execution Vulnerabilities
Severity: HIGH
Description:
Flash CS3 Professional, Flash Professional, and Flash Basic are multimedia applications available for Microsoft Windows and Apple Mac OS X.
The applications are prone to multiple remote code-execution vulnerabilities during the processing of malicious FLA files.
An attacker can exploit these issues by enticing an unsuspecting victim to open a specially crafted 'FLA' file. The vendor says that web-based attacks are not possible. An attacker must trick a victim into opening a malicious file to exploit these vulnerabilities.
Successful exploits will allow the attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
These issues affect Flash CS3 Professional, Flash Professional 8, and Flash Basic 8 on Microsoft Windows. Flash Player is not affected by these vulnerabilities.
Affected Products:
- Adobe After Effects CS3
- Adobe Flash Basic 8
- Adobe Flash CS3 Professional
- Adobe Flash Professional 8
References:
- Adobe: APSA08-03 Potential vulnerability in Flash CS3 Professional, Flash Professional
- Adobe: APSA08-05 Potential vulnerability in After Effects CS3
- Adobe: Adobe Flash Homepage
- Adobe: Adobe Homepage
- Fortinet: Adobe Flash CS3 Professional Multiple .FLA Parsing Vulnerabilities
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
