Tokuji Akamine

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player versions prior to 18.0.0.252 Adobe Flash Player versions 19.x prior to 19.0.0.207 Adobe Flash Player versions prior to 11.2.202.535 on Linux Adobe AIR versions prior to 19.0.0.213 Adobe AIR SDK versions prior to 19.0.0.213 Adobe AIR SDK & Compiler versions prior to 19.0.0.213 **Description** The issue is related to insufficient access control mechanisms in the Flash Player and Adobe Integrated Runtime platforms, allowing remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. This can enable a remote attacker to circumvent existing restrictions and access protected information. **Recommendations** For Adobe Flash Player versions prior to 18.0.0.252, update to version 18.0.0.252 or later. For Adobe Flash Player versions 19.x prior to 19.0.0.207, update to version 19.0.0.207 or later. For Adobe Flash Player versions prior to 11.2.202.535 on Linux, update to version 11.2.202.535 or later. For Adobe AIR versions prior to 19.0.0.213, update to version 19.0.0.213 or later. For Adobe AIR SDK versions prior to 19.0.0.213, update to version 19.0.0.213 or later. For Adobe AIR SDK & Compiler versions prior to 19.0.0.213, update to version 19.0.0.213 or later.

**Name of the Vulnerable Software and Affected Versions** WebKit versions before r52401 Google Chrome versions before 4.0.249.78 **Description** The issue allows remote attackers to bypass the Same Origin Policy. This is achieved via vectors involving the `window.open` method. **Recommendations** For WebKit versions before r52401, update to version r52401 or later. For Google Chrome versions before 4.0.249.78, update to version 4.0.249.78 or later.