Accessibility

Security advisory

Potential vulnerability in Flash CS3 Professional

Release date: October 15, 2008

Vulnerability identifier: APSA08-09

CVE number: CVE-2008-4473

Platform: Windows

Summary

Adobe is aware of recently published security issues in Flash CS3 Professional that could potentially cause code execution. These issues do not affect any version of Flash Player. An attacker would need to convince a user to open a malicious SWF file to successfully exploit the issues.

Details

An attacker would need to convince a user to open a malicious SWF file to successfully exploit the issues. Adobe recommends that developers exercise caution when receiving unsolicited or suspicious SWF files. These issues do not affect Flash CS4 Professional. These issues do not affect the Mac version of Flash CS3 Professional.

Severity Rating

Adobe categorizes this as a critical issue and recommends that developers exercise caution when receiving unsolicited or suspicious SWF files.

Acknowledgments

Adobe would like to thank Paul Craig of Security-Assessment.com for reporting these vulnerabilities and for working with us to help protect our customers' security.