Microsoft Security Advisory (979267)

What is the scope of the advisory? 
Microsoft is aware of vulnerability reports affecting Adobe Flash Player 6 provided in supported editions of Windows XP listed in the Affected Software section. This is an advisory to notify users to remove Adobe Flash Player 6 on Windows XP systems and/or to install the most current version of Flash Player available from Adobe.

What is Adobe Flash Player? 
Adobe Flash Player is a lightweight browser plug-in and runtime that delivers interactive content, video, and applications across operating systems and browsers. For more information on Adobe Flash Player, visit Adobe Flash Player Home.

What causes this threat? 
Multiple vulnerabilities exist in Adobe Flash Player 6 provided in Windows XP when used in a Web browsing scenario. An attacker who exploits these vulnerabilities could execute code on the affected system.

How could an attacker exploit the vulnerability? 
An attacker could host a specially crafted Web site that is designed to exploit these vulnerabilities through Internet Explorer and then convince a user to view the Web site. This can also include compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger request that takes users to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.

How do I remove Adobe Flash Player 6?
There are multiple ways to remove Adobe Flash Player 6 on Windows XP systems. For directions on the manual steps required to remove Adobe Flash Player 6, see How to remove the Flash Player ActiveX control. Adobe also provides an uninstaller tool that removes Adobe Flash Player. For more information on the uninstaller tool, see How to uninstall the Adobe Flash Player plug-in and ActiveX control.

Note The uninstaller tool removes all versions of Adobe Flash Player and is not specific to Adobe Flash Player 6.

How do I install the latest version of Adobe Flash Player?
To install the most current version of Adobe Flash Player, see Install Adobe Flash Player.

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of this issue. The following mitigating factors may be helpful in your situation:

• Adobe Flash Player version 6 was only provided in Windows XP systems. All other supported versions of the Windows operating system do not include the Adobe Flash Player.

Perform one or both of the following steps:

• Uninstall the Adobe Flash Player version 6.
• Install the most current version of Flash Player available from Adobe.

• Review the Microsoft Knowledge Base Article that is associated with this advisory

  All customers should apply the most recent security updates released by Microsoft to help ensure that their systems are protected from attempted exploitation. Customers who have enabled Automatic Updates will automatically receive all Windows updates. For more information about Microsoft security updates, visit Microsoft Security Central.

  We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. Customers can learn more about these steps by visiting Protect Your Computer.

• For more information about staying safe on the Internet, visit Microsoft Security Central.
• Keep Windows Updated

  All Windows users should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Windows Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them.