14 DAY TRIAL // Adobe has released security updates for Flash Media Server, Photoshop CS5 and RoboHelp in order to address critical security vulnerabilities in the products.
The flaw patched in Flash Media Server (FMS) can be exploited by an attacker to achieve a denial of service condition and prevent legitimate users from accessing content.
The vulnerability is identified as CVE-2011-2132 in the Common Vulnerabilities and Exposures database and is credited to Knud Erik Højgaard of nsense.
"Adobe recommends Flash Media Server (FMS) users update their installations to Flash Media Server 4.0.3 or Flash Media Server 3.5.7 respectively," the company writes.
Meanwhile, a memory corruption vulnerability that can lead to arbitrary code execution was addressed in Adobe Photoshop CS5 and CS5.1.
The flaw (CVE-2011-2131) was reported by Francis Provencher of Protek Research Lab and can be exploited by tricking victims into opening maliciously-crafted GIF files.
Finally, a cross-site scripting (XSS) weakness was identified and patched in RoboHelp, Adobe's help authoring tool. The flaw (CVE-2011-2133) can be exploited by opening a specially-crafted URL.
Patches have been released for RoboHelp 9 (versions 9.0.1.232 and earlier), RoboHelp 8, RoboHelp Server 9 and RoboHelp Server 8 for Windows.
Unlike the vulnerabilities in the other two products, Adobe rates this XSS weakness as important. It was discovered and reported by Roberto Suggi Liverani of Security-Assessment.com.
Adobe has also released critical security updates for Flash Player and Shockwave Player which users are advised to install as soon as possible.
The company got into an argument with a security researcher over the actual number of vulnerabilities fixed in the Flash Player release. Google security engineer Tavis Ormandy claims that the new version addresses a number of 400 vulnerabilities that he discovered in the product during a security audit.