Three critical vulnerabilities have beenidentified in Adobe Flash Playerthat
potentially allow attackers to take control of users'
systems.
Adobe has issued patches for the vulnerabilities and is
recommending that users install them as soon as possible.
The security holes affect various versions of the firm's Flash
Player. An input validation error has been identified in Flash
Player 9.0.45.0 and earlier versions that could lead to the
potential execution of arbitrary code.
This vulnerability could be accessed through content delivered
from a remote location via the user's web browser, e-mail client or
other applications, said Adobe.
In addition, an issue with insufficient validation of the HTTP
Referer has been identified in Flash Player 8.0.34.0 and earlier
versions. This issue does not affect Flash Player 9. The problem
could potentially aid an attacker in executing a cross-site request
forgery attack, said Adobe.
The third vulnerability affects Linux and Solaris systems
running
Flash Player 7.