Accessibility

Security bulletin

Update available to address Flash Media Server security issues

Release date: February 12, 2008

Vulnerability identifier: APSB08-03

CVE number: CVE-2007-6431, CVE-2007-6148, CVE-2007-6149

Platform: All platforms

Affected software versions: Flash Media Server 2.0.4 and earlier

Summary

Vulnerabilities have been identified in Adobe Flash Media Server 2.0.4 and earlier that could potentially allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe recommends Flash Media Server administrators update their product installations.

Solution

Adobe recommends Flash Media Server 2 administrators install the Flash Media Server 2.0.5 update.

Severity rating

Adobe categorizes this as a critical issue and recommends affected users update their installations using the above instructions.

Details

Vulnerabilities have been identified in Adobe Flash Media Server 2.0.4 and earlier that could potentially allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. An attacker would need to be able to connect to TCP port 1935 or TCP port 19350 to exploit these issues. Adobe recommends Flash Media Server administrators update their product installations. This issue is remotely exploitable.

Acknowledgments

Adobe would like to thank Sebastian Apelt and Sean Larsson of iDefense Labs for reporting this vulnerability and for working with us to help protect our customers' security.