Adobe Flash Player

Does not properly remove references to destroyed objects during
Shockwave Flash file processing, which allows remote attackers to
execute arbitrary code via a crafted file, related to a “buffer
overflow issue.” Allows attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via unknown
vectors, related to a “privilege escalation vulnerability.” Allows
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via unspecified vectors, related to a “null
pointer vulnerability.”

Adobe Acrobat, Adobe Reader

Vulnerabilities that allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.

Browser Attacks Continue to Evolve

While the security teams at Microsoft, Mozilla and the other browser vendors continue to work on new defenses and exploit mitigations, the state of the art in attacks is continuing to evolve.


At the 26th Chaos Communication Congress in Berlin, security researcher Fabian Yamaguchi demonstrated a number
of vulnerabilities that can apparently be found in many average
communication networks and affect all levels from the access layer to
the application layer. Read the full article. [The H Security]

If you’ve been doing some last minute Amazon holiday shopping on Wednesday evening, you’ve probably noticed that Amazon’s web site was sluggish and, at times, completely down; The same fate greeted Wal-Mart, Expedia, and a number of smaller sites. Read the full article. [Mashable]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.