Adobe has released 'Adobe Flash Player version 10.1.102.64', which contains fixes for the vulnerabilities described in CVE-2010-2036 - CVE-2010-2052 and Adobe's Security Bulletin APSB10-26. Because of these vulnerabilities, Adobe Flash Player:
- does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.
- allows remote attackers to execute arbitrary code or cause a denial of service via a crafted FLV video.
- allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
- allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors.
Adobe categorizes this as a critical update and recommends affected users update their installations to the newest versions.
To verify the Adobe Flash Player version number installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu.
If you use multiple browsers, perform the check for each browser you have installed on your system.
Adobe has two different MSI packages available for download. One MSI, full_flashplayer_win_msi, is intended for Internet Explorer users. The other, full_flashplayer_win_pl_msi, is intended for plug-in based browsers like Firefox.
Adobe also has the 'Adobe Flash Player Administration Guide for Flash Player 10', which describes Flash Player 10: how it's installed, how it works, and how you can control it to suit the needs of a specific network environment. This document is intended for IT or administrative professionals who manage the installation or use of Flash Player for multiple users in a controlled environment. The Adobe Flash Player Administration Guide contains chapters covering the Flash Player environment (including mms.cfg, which was also covered on msiwisdom.com here), installation of the Player, Administrator settings, User-configured settings and Security considerations. You can download it here.