T-627: Adobe Flash Player Memory Corruption

May 20, 2011 - 2:50pm

PROBLEM:

Adobe Flash Player Memory Corruption, Denial Of Service, Execute Code

PLATFORM:

Windows, Mac OS X, Linux, and Solaris

ABSTRACT:

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.

REFERENCE LINKS:

CVE Details - CVE-2011-0627
CVE Details - Adobe Flash Player Vulnerability Statistics
CVE Details - Adobe Security Vulnerabilities

IMPACT ASSESSMENT:

High

Discussion:

Critical vulnerabilities have been identified in Adobe Flash Player 10.2.159.1 and earlier versions (Adobe Flash Player 10.2.154.28 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.2.157.51 and earlier versions for Android. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports of malware attempting to exploit one of the vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform. However, to date, Adobe has not obtained a sample that successfully completes an attack.

Solution:

Affected software versions
Adobe Flash Player 10.2.159.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
Adobe Flash Player 10.2.154.28 and earlier versions for Chrome users
Adobe Flash Player 10.2.157.51 and earlier versions for Android

Adobe recommends users of Adobe Flash Player 10.2.159.1 and earlier versions (Adobe Flash Player 10.2.154.28 and earlier versions for Chrome users) for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.181.14. Adobe recommends users of Adobe Flash Player 10.2.157.51 and earlier versions for Android update to Adobe Flash Player 10.3.185.21.
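One way to triage a software inventory against the fixed releases named above, as an added example that is not part of the original bulletin. The host names, the record layout and the acceptance of comma-separated version strings are assumptions; any version older than the fixed release for its platform is treated as affected, following the abstract.

```python
import re

# Fixed releases taken from the advisory; anything older is treated as affected.
FIXED = {
    "desktop": (10, 3, 181, 14),   # Windows, Mac OS X, Linux, Solaris (incl. Chrome)
    "android": (10, 3, 185, 21),
}
DESKTOP = {"windows", "mac os x", "macintosh", "linux", "solaris", "chrome"}

def parse_version(text):
    """Return a 4-int tuple, or None if the string is not a.b.c.d (dots or commas)."""
    m = re.fullmatch(r"\s*(\d+)[.,](\d+)[.,](\d+)[.,](\d+)\s*", text)
    return tuple(int(p) for p in m.groups()) if m else None

def triage(platform, version):
    """Classify one inventory record as 'affected', 'fixed' or 'unknown'."""
    key = platform.strip().lower()
    family = "android" if key == "android" else "desktop" if key in DESKTOP else None
    parsed = parse_version(version)
    if family is None or parsed is None:
        return "unknown"          # never silently treat unparsable data as safe
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "10.10.0.0" below "10.3.181.14".
    return "affected" if parsed < FIXED[family] else "fixed"

def report(inventory):
    """Map each (host, platform, version) record to its triage status."""
    return {host: triage(platform, version) for host, platform, version in inventory}

# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE = [
    ("ws-01", "Windows", "10.2.159.1"),
    ("ws-02", "Windows", "10,3,181,14"),
    ("mac-01", "Mac OS X", "10.3.181.13"),
    ("lab-01", "Linux", "10.10.0.0"),
    ("phone-01", "Android", "10.3.181.14"),
    ("kiosk-01", "Solaris", "unknown"),
]

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host}: {status}")
```

Records reported as `unknown` need manual follow-up rather than being counted as patched.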
 
