Release date: July 28, 2009
Last Updated: July 30, 2009
Vulnerability identifier: APSA09-04
CVE number: CVE-2009-0901, CVE-2009-2495, CVE-2009-2493
Platform: Internet Explorer on Windows
Adobe Flash Player 126.96.36.199 and 10.0.22.87, and earlier 9.x and 10.x versions installed on Windows operating systems for use with Internet Explorer leverage a vulnerable version of the Microsoft Active Template Library (ATL) described in Microsoft Security Advisory (973882). This critical vulnerability could allow an attacker who successfully exploits the vulnerability to take control of the affected system.
Note that this vulnerability is exclusive to Internet Explorer on Windows. Installations of Flash Player for Firefox or other web browsers on Windows are not vulnerable.
Adobe has released product updates to Adobe Flash Player to resolve the relevant security issues. For more information, please refer to Security Bulletin APSB09-10.
Users should consider installing MS09-034.?? As a defense-in-depth measure, this Internet Explorer security update helps mitigate known attack vectors within Internet Explorer for those components and controls, such as Flash Player, that have been developed with vulnerable versions of ATL as described in Microsoft Security Advisory (973882) and Microsoft Security Bulletin MS09-035
Users may monitor the latest information about this issue on the Adobe Product Security Incident Response Team blog at the following URL: http://blogs.adobe.com/psirt or by subscribing to the RSS feed here: http://blogs.adobe.com/psirt/atom.xml.
Adobe Flash Player 188.8.131.52 and 10.0.22.87 and earlier 9.x and 10.x versions.
Adobe categorizes this as a critical update.
July 30, 2009 - Advisory updated with link to Security Bulletin that resolves the relevant security issues.
July 28, 2009 - Advisory created.