Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat
added March 15, 2011 at 10:29 am

Adobe has released a security advisory to alert users of a
vulnerability affecting the following products:

* Adobe Flash Player 10.2.152.33 and earlier versions for Windows,
Macintosh, Linux, and Solaris
* Adobe Flash Player 10.2.154.18 and earlier versions for Google Chrome users
* Adobe Flash Player 10.1.106.16 and earlier versions for Android
* The Authplay.dll component that ships with Adobe Reader and
Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and

Exploitation of this vulnerability may allow an attacker to execute
arbitrary code or cause a denial-of-service condition. At this time,
the vendor has not released a fix for this vulnerability. The Adobe
advisory indicates that this vulnerability is being actively
exploited via a Flash (.swf) file embedded in a Microsoft Excel
(.xls) file delivered as an email attachment.
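
As an added illustration of the delivery vector described above (not part of the advisory and not Adobe or US-CERT code), the following Python heuristic flags OLE2 files such as .xls attachments that contain a plausible SWF header. The function names, the `max_version` threshold, and the sample bytes are constructed for this example; compressed, fragmented, or obfuscated embeddings would not be caught.

```python
import struct

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file header (.xls)
SWF_MAGICS = (b"FWS", b"CWS")  # uncompressed / zlib-compressed SWF signatures


def find_embedded_swf(data, max_version=50):
    """Return sorted (offset, signature, version, declared_length) tuples for
    plausible SWF headers inside an OLE2 file; [] if data is not OLE2.
    max_version is an assumed upper bound used only as a sanity check."""
    if not data.startswith(OLE_MAGIC):
        return []
    hits = []
    for magic in SWF_MAGICS:
        pos = data.find(magic, len(OLE_MAGIC))
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                (length,) = struct.unpack("<I", header[4:8])
                # Sanity checks reduce false positives from stray "FWS"/"CWS" bytes:
                # an uncompressed SWF cannot be larger than its container, while a
                # CWS header declares the uncompressed size, which may exceed it.
                fits = length <= len(data) if magic == b"FWS" else True
                if 1 <= version <= max_version and length > 8 and fits:
                    hits.append((pos, magic.decode(), version, length))
            pos = data.find(magic, pos + 1)
    return sorted(hits)


def build_constructed_sample():
    """Constructed test input: OLE2 magic, padding, then a 64-byte fake SWF."""
    swf = b"FWS" + bytes([10]) + struct.pack("<I", 64) + b"\x00" * 56
    return OLE_MAGIC + b"\x00" * 504 + swf


if __name__ == "__main__":
    for offset, sig, version, length in find_embedded_swf(build_constructed_sample()):
        print(f"SWF header {sig} v{version} at offset {offset}, declared length {length}")
```

A hit is a triage signal for mail-gateway or attachment review, not proof of malicious content.
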
Adobe has indicated that it expects to release a fix for this
vulnerability during the week of March 21, 2011. In the interim,
users and administrators are encouraged to implement the following
workarounds to help reduce the risks.

* Disable Flash in the web browser as described in the Securing Your
Web Browser document.
* Disable Flash and 3D & Multimedia support in Adobe Reader 9 and later.
* Prevent Internet Explorer from automatically opening PDF documents.
* Disable the displaying of PDF documents in the web browser.
* Enable DEP in Microsoft Windows.
* Utilize Microsoft EMET to enable runtime mitigations for Microsoft
Internet Explorer and Excel.

Additional information regarding this vulnerability, including
detailed workaround instructions, can be found in US-CERT
Vulnerability Note VU#192052. US-CERT will provide additional
information as it becomes available.

US-CERT Vulnerability Note VU#192052
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat