Release date: August 10, 2010
Last updated: August 11, 2010
Vulnerability identifier: APSB10-19
CVE number: CVE-2010-2217, CVE-2010-2218, CVE-2010-2219, CVE-2010-2220
Platform: Windows, Linux
Critical vulnerabilities have been identified in Adobe Flash Media Server (FMS) 3.5.3 and earlier versions and Adobe Flash Media Server (FMS) 3.0.5 and earlier versions for Windows and Linux. One of the vulnerabilities could allow an attacker, who successfully exploits the vulnerability, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities and recommends that users update their installations to Flash Media Server 3.5.4 or 3.0.6 respectively using the instructions provided below.
Adobe recommends Flash Media Server (FMS) users install Flash Media Server version 3.5.4 and Flash Media Server version 3.0.6 available here: http://www.adobe.com/support/flashmediaserver/downloads_updaters.html.
Adobe categorizes this as a critical update and recommends that users apply the latest update for their product installations.
Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations using the instructions provided above.
This update resolves a JS method issue that could lead to a denial of service vulnerability (CVE-2010-2218).
This update resolves a JS method vulnerability that could lead to arbitrary code execution (CVE-2010-2217).
This update resolves a memory exhaustion issue that could lead to a denial of service vulnerability (CVE-2010-2219).
This update resolves an input validation issue that could lead to a denial of service vulnerability (CVE-2010-2220).
Adobe would like to thank Dirk Neely of Stickam for reporting the relevant issues and for working with Adobe to help protect our customers.
August 11, 2010 - Updated description of platform from UNIX to Linux.
August 10, 2010 - Bulletin released.