Adobe plugs gaping holes in Flash Media Server

The patch addresses issues that allow an attacker to run malicious code on the affected system.

Adobe has released a critical patch to cover a pair of serious vulnerabilities affecting the Adobe Flash Media Server (FMS) 3.5.2 and earlier versions. The update is available for all platforms and addresses issues that allow an attacker to run malicious code on the affected system. Here's the skinny from Adobe's security bulletin:

  • This update resolves a resource exhaustion vulnerability that could could lead to a Denial of Service (DoS) (CVE-2009-3791).
  • This update resolves a directory traversal vulnerability that could lead to FMS loading arbitrary DLLs present on the server. (CVE-2009-3792).

Adobe recommends Flash Media Server (FMS) users install FMS version 3.5.3.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All