Security bulletin

Updates available to address Flash Media Server privilege escalation issue

Release date: April 30, 2009

Vulnerability identifier: APSB09-05

CVE number: CVE-2009-1365

Platform: Windows and Linux

Summary

A potential vulnerability has been identified in Flash Media Server 3.5.1 and earlier that could allow an attacker to execute remote procedures in Flash Media Interactive Server or Flash Media Streaming Server. Adobe recommends users update to the most current version of Flash Media Server (3.5.2 or 3.0.4 or greater).

Affected software versions

Adobe Flash Media Streaming Server 3.5.1, Adobe Flash Media Interactive Server 3.5.1 and earlier

To verify the Adobe Flash Media Server version, launch the Flash Media Server Administration console, click the Manage Servers > License tab, and note the release version.

Solution

Adobe recommends Flash Media Server administrators install the Flash Media Server 3.5.2 or 3.0.4 update.

Severity rating

Adobe categorizes this as an important issue and recommends affected users update their installations using the above instructions.

Details

A potential vulnerability has been identified in Flash Media Server 3.5.1 and earlier that could allow an attacker to execute remote procedures in Flash Media Interactive Server or Flash Media Streaming Server. Adobe recommends users update to the most current version of Flash Media Server (3.5.2 or 3.0.4 or greater).

This update resolves an RPC (remote procedure call) execution issue that could potentially allow an attacker to execute remote procedures within a server-side ActionScript file running on Flash Media Server.