Adobe Systems Inc. issued an advisory Friday warning of two critical Flash Media Server (FMS) vulnerabilities that could be used by attackers to alter streaming videos or set up attacks within Flash-based content.
FMS is used by enterprises to stream Flash videos and other content. Adobe said FMS versions 3.5.2 and earlier contain a denial-of-service flaw, which could enable attackers to crash the server and possibly execute malicious code. A directory traversal vulnerability could allow an attacker to upload malicious code to the server and set up attacks within Flash video code.
FMS version 3.5.3 is available as a free maintenance update and corrects the vulnerabilities.
Attackers continue to target Adobe products because the software is widely used and not always upgraded with the latest Adobe updates. Security researchers have also been devoting a lot of time to finding vulnerabilities in the company's software. While antivirus vendors push out signatures that can detect malware attempting to exploit vulnerabilities, experts warn that new malicious code is developed daily and not all attacks can be detected.
Adobe issued another advisory last Tuesday warning of ongoing PDF attacks targeting a zero-day vulnerability in Adobe Reader and Acrobat. Some security firms have detected limited email attacks containing malicious PDF files attempting to exploit a remote code execution vulnerability in Reader and Acrobat 9.2 and earlier versions.
Adobe has reportedly said it did not plan an emergency patch to repair the hole because it did not want to disrupt its quarterly update process.