14 DAY TRIAL // Adobe has released security updates for several products, including Audition, Flash Media Server and RoboHelp, which address critical vulnerabilities that could compromise the systems they run on.
Two flaws were patched in Adobe Flash Media Server (FMS) for Windows and Linux, one of which could be exploited by attackers to execute arbitrary code on the underlying system.
Identified as CVE-2010-3864, the vulnerability is rated as critical and is described as a memory corruption issue.
The second flaw, CVE-2011-0612, was discovered by Dirk Neely of Stickam and can lead to a denial of service condition if corrupted XML data is parsed by the server.
Adobe recommends users to install Flash Media Server version 4.0.2 or Flash Media Server version 3.5.6, depending on the branch they are currently running.
Two vulnerabilities were also patched in Adobe Audition, the company's audio editing product, which could be exploited to execute arbitrary code.
Identified as CVE-2011-0614 and CVE-2011-0615, the flaws are both described as memory corruption issues and were discovered by Gjoko Krstic of Zero Science Lab and Diego Juarez, Eduardo Koch and Laura Balian from Core Security Technologies, respectively.
Both vulnerabilities can be exploited by convincing victims to open maliciously-crafted Audition Session (.ses) files. Audition Session (.ses) file format is no longer a supported format beginning with Adobe Audition CS5.5.
Only Adobe Audition 3.0.1 and earlier versions for Windows are affected by these vulnerabilities and the vendor strongly recommends that users switch to use of the XML session format instead of .ses.
Finally, a manual patch was released for RoboHelp 8, RoboHelp 7, RoboHelp Server 8 and RoboHelp Server 7, which are affected by a cross-site scripting vulnerability.
The flaw, CVE-2011-0613, is rated as important and was reported by James Jardine of Jardine Software Inc. It can be fixed by replacing wf_status.htm and wf_topicfs.htm with the patched versions provided by Adobe.