Adobe has released a critical patch to cover a pair of serious vulnerabilities affecting the Adobe Flash Media Server (FMS) 3.5.2 and earlier versions. The update is available for all platforms and addresses issues that allow an attacker to run malicious code on the affected system. Here's the skinny from Adobe's security bulletin:
- This update resolves a resource exhaustion vulnerability that could could lead to a Denial of Service (DoS) (CVE-2009-3791).
- This update resolves a directory traversal vulnerability that could lead to FMS loading arbitrary DLLs present on the server. (CVE-2009-3792).
Adobe recommends Flash Media Server (FMS) users install FMS version 3.5.3.