"These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system," said Adobe in an advisory published Friday. (Source: ComputerWorld)
The flaws were all over the map, and included memory corruption, integer and stack overflow, and security bypass bugs. One of the seven was tagged as a "binary planting" vulnerability in the Flash installer.
"Binary planting" is a synonym for what others call "DLL load hijacking," a bug class first uncovered nearly two years ago by HD Moore, chief security officer at Rapid7 and creator of the open-source Metasploit penetration-testing toolkit.
Because many Windows applications don't load DLLs using a full path name, instead using only the filename, hackers can trick an application into loading a malicious file with the same name as a required DLL.
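As an added illustration (not code from Adobe, ComputerWorld or this page), the following Python heuristic audits C/C++ source for the pattern described above: `LoadLibrary` calls that pass only a filename or relative path. The sample source, the function names and the choice to accept only `LOAD_LIBRARY_SEARCH_SYSTEM32` as a restricting flag are assumptions of the example.

```python
import re

# Matches LoadLibrary, LoadLibraryA/W and LoadLibraryExA/W calls whose first
# argument is a string literal. Captures: API name, literal text, rest of call.
CALL = re.compile(
    r'\b(LoadLibrary(?:Ex)?[AW]?)\s*\(\s*(?:L|TEXT\(|_T\()?\s*"((?:[^"\\]|\\.)*)"([^;]*)'
)

# Assumption of this example: only this LoadLibraryEx flag counts as
# restricting the search to a trusted directory.
SAFE_FLAGS = ("LOAD_LIBRARY_SEARCH_SYSTEM32",)


def is_full_path(name):
    """True for drive-letter (C:\\...) or UNC (\\\\server\\share) paths."""
    name = name.replace("\\\\", "\\")  # undo C string-literal escaping
    return bool(re.match(r"^[A-Za-z]:\\", name)) or name.startswith("\\\\")


def find_bare_dll_loads(source):
    """Return (line number, API, DLL name) for loads that rely on search order."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for api, name, rest in CALL.findall(line):
            if is_full_path(name):
                continue  # loader is told exactly which file to use
            if "Ex" in api and any(flag in rest for flag in SAFE_FLAGS):
                continue  # search restricted to the system directory
            findings.append((lineno, api, name))
    return findings


# Constructed sample input, not taken from any real installer.
SAMPLE = r'''
HMODULE a = LoadLibraryA("helper.dll");
HMODULE b = LoadLibraryW(L"C:\\Windows\\System32\\version.dll");
HMODULE c = LoadLibraryExW(L"version.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
HMODULE d = LoadLibraryExA("plugins\\codec.dll", NULL, 0);
'''

if __name__ == "__main__":
    for lineno, api, name in find_bare_dll_loads(SAMPLE):
        print(f"line {lineno}: {api} loads {name!r} without a full path")
```

This is a line-based heuristic: it does not see DLL names built at run time or calls split across lines, so a clean result is not proof that no such loads exist.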
Adobe Flash 11.3 delivers sandboxing for Firefox
Posted on Monday, June 11 2012 @ 10:54 CEST by Thomas De Maesschalck