CERT mailing list archives
Current Activity - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat
From: Current Activity <us-cert () us-cert gov>
Date: Tue, 15 Mar 2011 10:48:31 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat Original release date: March 15, 2011 at 10:29 am Last revised: March 15, 2011 at 10:29 am Adobe has released a security advisory to alert users of a vulnerability affecting the following products: * Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux, and Solaris * Adobe Flash Player 10.2.154.18 and earlier versions for Google Chrome users * Adobe Flash Player 10.1.106.16 and earlier versions for Android * The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. At this time, the vendor has not released a fix for this vulnerability. The Adobe advisory indicates that this vulnerability is being actively exploited via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment. Adobe has indicated that it expects to release a fix for this vulnerability during the week of March 21, 2011. In the interim, users and administrators are encouraged to implement the following workarounds to help reduce the risks. * Disable Flash in the web browser as described in the Securing Your Web Browser document. * Disable Flash and 3D & Multimedia support in Adobe Reader 9 and later. * Disable JavaScript in Adobe Reader and Acrobat. * Prevent Internet Explorer from automatically opening PDF documents. * Disable the displaying of PDF documents in the web browser. * Enable DEP in Microsoft Windows. * Utilize Microsoft EMET to enable runtime mitgations for Microsoft Internet Explorer and Excel. Additional information regarding this vulnerability, including detailed workaround instructions, can be found in US-CERT Vulnerability Note VU#192052. US-CERT will provide additional information as it becomes available. Relevant Url(s): <http://www.adobe.com/support/security/advisories/apsa11-01.html> <http://www.us-cert.gov/reading_room/securing_browser/> <http://www.kb.cert.org/vuls/id/192052> ==== This entry is available at http://www.us-cert.gov/current/index.html#adobe_releases_security_advisory_for6 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTX98Mz6pPKYJORa3AQJqRAgAxB/Z21VvWaFTnZaJM5XngRmN6bGWRx3H vwwupGJrxvoxSJFPEkvBXfyXWXRdKBm4kGpD+jwf0AkhlGLO6KrAf9X0CH9bRTng v3EtdQFD6TNdpEut+TwX/cOMtQdtORhadrzRDWxpGLGJ2LxCbk2pAPEOgGc6g484 KpK/MBydIl9L70GQq4MXoDSz9ezYKe4N5cDDbOdV05F3bE53X5lnWzkLlOe6EYla 1fgWHSEew1pUaY38a1PlDmcwcF/mkSISApQRli+W+Js+M+FDgTKp1KYca7xv2iqT VEl8m2XAf7/MrfolPcTvMWYG+4cs5qHbzLkWrYnRo6C9L8+4hH753w== =yoxM -----END PGP SIGNATURE-----
Current thread:
- Current Activity - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat Current Activity (Mar 15)
- <Possible follow-ups>
- Current Activity - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat Current Activity (Apr 12)
- Current Activity - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat Current Activity (Apr 12)
- Current Activity - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat Current Activity (Apr 15)