Adobe Flash Player Vulnerability

Last Update Date: 23 Mar 2011 Release Date: 15 Mar 2011 6446 Views

RISK: Extremely High Risk

TYPE: Clients - Audio & Video

A vulnerability has been identified in Adobe flash player, which could be exploited by attackers to compromise a vulnerable system. This vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment or a PDF document containing malformed Flash content.

Impact

Remote Code Execution

System / Technologies affected

Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
Adobe Flash Player 10.2.154.18 and earlier for Chrome users
Adobe Flash Player 10.1.106.16 and earlier for Android
Adobe AIR 2.5.1 and earlier for Windows, Macintosh and Linux
The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

Solutions

Upgrade Adobe Flash Player to version 10.2.153.1:
http://get.adobe.com/flashplayer/
Upgrade Flash Player for Android to version 10.2.156.12 by browsing to the Android Marketplace on an Android phone.
Google Chrome users can update to Chrome version 10.0.648.134 or later.
Update Adobe AIR to version 2.6:
http://get.adobe.com/air/
Update Adobe Reader X for Macintosh to version 10.0.2 or Adobe Reader for Windows and Macintosh to version 9.4.3:
http://www.adobe.com/support/security/bulletins/apsb11-06.html
Update Adobe Acrobat X for Windows and Macintosh to version 10.0.2 or Adobe Acrobat for Windows and Macintosh to version 9.4.3:
http://www.adobe.com/support/security/bulletins/apsb11-06.html

Vulnerability Identifier

CVE-2011-0609

Source

Adobe