funsec mailing list archives

XP SP3 Installs Older, Vulnerable Version of Flash Player

From: "Paul Ferguson" <fergdawg () netzero net>
Date: Mon, 2 Jun 2008 21:40:38 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes, you read that correctly:

"It appears that XP service pack 3 installs an older vulnerable
version of the flash player, causing those systems to be vulnerable
to these vulnerabilities."

More:
http://isc.sans.org/diary.html?storyid=4513

Why is this important? Lots and lots of malicious Flash [.swf]
exploits:

http://blog.trendmicro.com/flash-bugs-exploited-in-latest-mass-compromise/

The latest news on this is that the latest version of Flash
(9.0.124.0) is not vulnerable to these exploits...

- - ferg


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIRGjTq1pz9mNUZTMRAkNGAKDsiLkn1Gzto3Mq/Jful60/5mJCQwCdHadQ
PokqwkDUrvn3tKSMpYRpYeA=
=Uw89
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

XP SP3 Installs Older, Vulnerable Version of Flash Player Paul Ferguson (Jun 02)
- Re: XP SP3 Installs Older, Vulnerable Version of Flash Player Dave Nelson (Jun 02)
  - Re: XP SP3 Installs Older, Vulnerable Version of Flash Player Jeff Kell (Jun 02)
    - Re: XP SP3 Installs Older, Vulnerable Version of Flash Player Dave Nelson (Jun 02)
    - Re: XP SP3 Installs Older, Vulnerable Version of Flash Player Larry Seltzer (Jun 02)
  - Re: XP SP3 Installs Older, Vulnerable Version of Flash Player Larry Seltzer (Jun 02)