Adobe has shipped a Flash Media Server patch to fix a vulnerability that allowed attackers to execute remote procedures in Flash Media Interactive Server or Flash Media Streaming Server.

The update is available for Adobe Flash Media Streaming Server 3.5.1, Adobe Flash Media Interactive Server 3.5.1 and earlier. It is rated “important” and affects both Windows and Linux platforms.
The skinny:

CVE-2009-1365: A potential vulnerability has been identified in Flash Media Server 3.5.1 and earlier that could allow an attacker to execute remote procedures in Flash Media Interactive Server or Flash Media Streaming Server. This update resolves a RPC (remote procedure call) execution issue that could potentially allow an attacker to execute remote procedures within a server side ActionScript file running on Flash Media Server.

To verify the Adobe Flash Media Server version, launch the Flash Media Server Administration console, click the Manage Servers > License tab, and note the release version.

Adobe recommends users update to the most current version of Flash Media Server (3.5.2 or 3.0.4 or greater)