May 1st, 2009
Adobe plugs hole in Flash Media Server
Adobe has shipped a Flash Media Server patch to fix a vulnerability that allowed attackers to execute remote procedures in Flash Media Interactive Server or Flash Media Streaming Server.
The update is available for Adobe Flash Media Streaming Server 3.5.1, Adobe Flash Media Interactive Server 3.5.1 and earlier. It is rated “important” and affects both Windows and Linux platforms.
- CVE-2009-1365: A potential vulnerability has been identified in Flash Media Server 3.5.1 and earlier that could allow an attacker to execute remote procedures in Flash Media Interactive Server or Flash Media Streaming Server. This update resolves a RPC (remote procedure call) execution issue that could potentially allow an attacker to execute remote procedures within a server side ActionScript file running on Flash Media Server.
To verify the Adobe Flash Media Server version, launch the Flash Media Server Administration console, click the Manage Servers > License tab, and note the release version.
Adobe recommends users update to the most current version of Flash Media Server (3.5.2 or 3.0.4 or greater).
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
