CERT mailing list archives

Current Activity - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat

From: Current Activity <us-cert () us-cert gov>
Date: Tue, 12 Apr 2011 14:14:00 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat

Original release date: April 12, 2011 at 10:39 am
Last revised: April 12, 2011 at 2:00 pm


Adobe has released security advisory APSA11-02 to alert users of a
vulnerability affecting  the following Adobe products:
  * Flash Player 10.2.153.1 and earlier versions for Windows,
    Macintosh, Linux, and Solaris
  * Flash Player 10.2.154.25 and earlier versions for Chrome
  * Flash Player 10.2.156.12 and earlier versions for Android
  * the Authplay.dll component that ships with Adobe Reader and
    Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows
    and Macintosh.

Exploitation of this vulnerability may allow an attacker to execute
arbitrary code or cause a denial-of-service condition.

The Adobe advisory indicates that this vulnerability is currently
being exploited in targeted attacks via a Flash (.swf) file embedded
in a Microsoft Word (.doc) file delivered as an email attachment.
However, the method of attack can change at any time.

At this time, Adobe has not released a fix to mitigate this
vulnerability. US-CERT encourages users and administrators to do the
following to help mitigate the risks until a fix becomes available:
  * Review Adobe security advisory APSA11-02.
  * Exercise caution when opening unsolicited email attachments.
  * Refer to the Using Caution with Email Attachments Cyber Security
    Tip for more information on safely handling email attachments.

Additional information can be found in US-CERT Vulnerability Note
VU#230057. US-CERT will provide additional details as they becomes
available.

Relevant Url(s):
<http://www.kb.cert.org/vuls/id/230057>

<http://www.us-cert.gov/cas/tips/ST04-010.html>

<http://blogs.adobe.com/psirt/2011/04/security-advisory-for-adobe-flash-player-adobe-reader-and-acrobat-apsa11-02.html>

====
This entry is available at
http://www.us-cert.gov/current/index.html#adobe_releases_security_advisory_for7

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTaSWWj6pPKYJORa3AQJzwwf/ZgP06i4tJgYpJ7ZXEk2+4bsaHINglTCN
h1/iIntX4vVZZ3ZVQoKLu+WS52I0kHmUSxL5rKYDJr+A2/0gGGU/Cl4ICrInkVLd
Gjd08Oy+XO0H8zy75vEcIexw603TmatcfFq76wH+WVmf3/CMMqksQmeJWxdyk97q
ZsnDWXjQqLBKHkbukTmkMd0Vle1gXGm3Ec8V8SeZ4gSLT0TqJeYrdYk3+JlAdhUs
1kcsIu6I2y2woifsVDKrrfeFwB/sPPkrPZRFFG9Pk1kiE4GMMqjAPdJAgCsTFG99
5kjQS2rkF996I0dDyfMJA272NQEQZDWPx7r+uDJezYGXIIW7vOzkSw==
=ypwN
-----END PGP SIGNATURE-----

Current thread:

Current Activity - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat Current Activity (Mar 15)
- <Possible follow-ups>
- Current Activity - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat Current Activity (Apr 12)
- Current Activity - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat Current Activity (Apr 12)
- Current Activity - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat Current Activity (Apr 15)