Adobe Acrobat/Reader and Flash Player Code Execution Vulnerability
Last Update Date:
28 Jan 2011
Release Date:
23 Jul 2009
5305
Views
RISK: Medium Risk
A vulnerability has been identified in Adobe Acrobat, Reader and Flash Player, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by an error in the "flash9f.dll" and "authplay.dll" modules when processing certain objects and "MethodEnv::findproperty" calls, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a PDF file embedding a malicious Flash animation, or by visiting a web page hosting a specially crafted "swf" file.
Note: This vulnerability is currently being exploited in the wild.
Impact
- Remote Code Execution
System / Technologies affected
- Adobe Acrobat version 9.1.2
- Adobe Reader version 9.1.2
- Adobe Flash Player versions 10.x
- Adobe Flash Player versions 9.x
Solutions
- There is no patch available for this vulnerability currently.
Vulnerability Identifier
Source
Related Link
- http://www.vupen.com/english/advisories/2009/1986
- http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
- http://www.adobe.com/support/security/advisories/apsa09-03.html
- http://www.us-cert.gov/cas/techalerts/TA09-204A.html
- http://secunia.com/advisories/35948/
- http://secunia.com/advisories/35949/
Share with