Adobe May '10 Patch Tuesday Detailed
Article by George Norman
On 12 May 2010
Every second Tuesday of the month Microsoft rolls out updates for its products as part of the Patch Tueday program – and so does Adobe, the California-based company that specializes in creating multimedia and creativity software products. While Microsoft plugged security holes in Windows and Office this Patch Tuesday, Adobe addressed security issues in Adobe Shockwave Player and Adobe ColdFusion.

The vulnerabilities that plague Adobe Shockwave Player have been rated as critical; if exploited by a person with malicious intent, they could allow for remote code execution. To stay safe and protected, users of Adobe Shockwave Player 11.5.6.606 and earlier versions need to upgrade to Adobe Shockwave Player 11.5.7.609. This latest version can be downloaded here.

Advertising

Here are the vulnerabilities that Adobe Shockwave Player 11.5.7.609 fixes, as detailed by Adobe in this security advisory:
  • CVE-2010-0127- A boundary error vulnerability that if exploited, could lead to memory corruption and possible code execution.
  • CVE-2010-0128 - A signedness error vulnerability that could lead to code execution.
  • CVE-2010-0129 - Multiple memory corruption vulnerabilities due to integer overflow that could lead to code execution.
  • CVE-2010-0130 - An integer overflow vulnerability that could lead to code execution.
  • CVE-2010-0986 - A memory corruption vulnerability that could lead to code execution.
  • CVE-2010-0987 - A buffer overflow vulnerability that could lead to code execution.
  • CVE-2010-1280 - Multiple memory corruption vulnerabilities that could lead to code execution.
  • CVE-2010-1281 - A memory corruption vulnerability that could lead to code execution.
  • CVE-2010-1282 - An infinite loop vulnerability that could lead to a denial of service.
  • CVE-2010-1283 - A memory corruption vulnerability that could lead to code execution.
  • CVE-2010-1284 - Multiple memory corruption vulnerabilities that could lead to code execution.
  • CVE-2010-1286 - A memory corruption vulnerability that could lead to code execution.
  • CVE-2010-1287 - A memory corruption vulnerability that could lead to code execution.
  • CVE-2010-1288 - A buffer overflow vulnerability that could lead to code execution.
  • CVE-2010-1289 - A memory corruption vulnerability that could lead to code execution.
  • CVE-2010-1290 - A memory corruption vulnerability that could lead to code execution.
  • CVE-2010-1291 - A memory corruption vulnerability that could lead to code execution.
  • CVE-2010-1292 - A memory corruption vulnerability that could lead to code execution.

The vulnerabilities that plague Adobe ColdFusion have been classified as important; if exploited by a person with malicious intent, they could allow for cross-site scripting and information disclosure. These vulnerabilities affect ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX. Users should follow the instructions presented here to update their installations.

Here are the vulnerabilities fixed in Adobe ColdFusion, as detailed by Adobe in this security advisory:
  • CVE-2009-3467 - A vulnerability in a ColdFusion method that could lead to cross-site scripting in ColdFusion applications utilizing this method.
  • CVE-2010-1293 - A vulnerability in the ColdFusion Administrator page that could lead to cross-site scripting.
  • CVE-2010-1294 - An information disclosure vulnerability. This vulnerability requires local access.




Tags: Adobe, Adobe Shockwave Player, Adobe ColdFusion
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Adobe May '10 Patch Tuesday Detailed
HTML Linking Code