CERT mailing list archives

Current Activity - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat


From: Current Activity <us-cert () us-cert gov>
Date: Tue, 15 Mar 2011 10:48:31 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat

Original release date: March 15, 2011 at 10:29 am
Last revised: March 15, 2011 at 10:29 am


Adobe has released a security advisory to alert users of a
vulnerability affecting the following products:
  * Adobe Flash Player 10.2.152.33 and earlier versions for Windows,
    Macintosh, Linux, and Solaris
  * Adobe Flash Player 10.2.154.18 and earlier versions for Google
    Chrome users
  * Adobe Flash Player 10.1.106.16 and earlier versions for Android
  * The Authplay.dll component that ships with Adobe Reader and
    Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows
    and Macintosh.

Exploitation of this vulnerability may allow an attacker to execute
arbitrary code or cause a denial-of-service condition. At this time,
the vendor has not released a fix for this vulnerability. The Adobe
advisory indicates that this vulnerability is being actively exploited
via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file
delivered as an email attachment.

Adobe has indicated that it expects to release a fix for this
vulnerability during the week of March 21, 2011. In the interim, users
and administrators are encouraged to implement the following
workarounds to help reduce the risks.
  * Disable Flash in the web browser as described in the Securing Your
    Web Browser document.
  * Disable Flash and 3D & Multimedia support in Adobe Reader 9 and
    later.
  * Disable JavaScript in Adobe Reader and Acrobat.
  * Prevent Internet Explorer from automatically opening PDF
    documents.
  * Disable the displaying of PDF documents in the web browser.
  * Enable DEP in Microsoft Windows.
  * Utilize Microsoft EMET to enable runtime mitigations for Microsoft
    Internet Explorer and Excel.

Additional information regarding this vulnerability, including
detailed workaround instructions, can be found in US-CERT
Vulnerability Note VU#192052. US-CERT will provide additional
information as it becomes available.

Relevant URL(s):
<http://www.adobe.com/support/security/advisories/apsa11-01.html>

<http://www.us-cert.gov/reading_room/securing_browser/>

<http://www.kb.cert.org/vuls/id/192052>

====
This entry is available at
http://www.us-cert.gov/current/index.html#adobe_releases_security_advisory_for6

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----
