Summary:

A vulnerability has been reported for Adobe Flash Player that allows an attacker to run code on a vulnerable system. This specifically affects Adobe Flash 9.X but may also affect other versions.

At this time, there are no patches for the vulnerability. Instead, Secunia and US-CERT are recommending that users do not browse untrusted websites. Also, US-CERT is recommending that users install and use NoScript for Firefox.

More information may be found here:

http://secunia.com/advisories/30404/
http://www.kb.cert.org/vuls/id/395473

Detail:

From:
http://blogs.zdnet.com/security/?p=1189&tag=nl.e589

http://isc.sans.org/diary.html?storyid=4465

Malware hunters have spotted a previously unknown ? and unpatched ? Adobe Flash vulnerability being exploited in the wild.

The zero-day flaw has been added to the Chinese version of the MPack exploit kit and there are signs that the exploits are being injected into third-party sites to redirect targets to malware-laden servers.

Technical details on the vulnerability are not yet available. Adobe?s product security incident response team is investigating <link expired> .

This SecurityFocus advisory warns <http://www.securityfocus.com/bid/29386/discuss> :

Adobe Flash Player is prone to an unspecified remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and 9.0.124.0 are vulnerable; other versions may also be affected.