T-630: Security update available for Adobe Flash Player

May 25, 2011 - 3:35pm

PROBLEM:

Vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

PLATFORM:

The vulnerabilities are reported in the following versions:
Adobe Flash Player 10.2.159.1 and earlier for Windows, Macintosh, Linux and Solaris.
Adobe Flash Player 10.2.154.28 and earlier for Chrome.
Adobe Flash Player 10.2.157.51 and earlier for Android.

ABSTRACT:

Critical vulnerabilities have been identified in Adobe Flash Player 10.2.159.1 and earlier versions (Adobe Flash Player 10.2.154.28 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.2.157.51 and earlier versions for Android.

REFERENCE LINKS:

APSB11-12
Secunia Advisory: SA44590
Vulnerability Report: Adobe Flash Player 10.x
Adobe Flash Player update version 10.3.181.14
CVE-2011-0579
CVE-2011-0618
CVE-2011-0619
CVE-2011-0620
CVE-2011-0621
CVE-2011-0622
CVE-2011-0623
CVE-2011-0624
CVE-2011-0625
CVE-2011-0626
CVE-2011-0627

IMPACT ASSESSMENT:

High

DISCUSSION:

These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports of malware attempting to exploit one of the vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform. However, to date, Adobe has not obtained a sample that successfully completes an attack.

Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose potentially sensitive information and compromise a user's system.
1) An unspecified error can be exploited to disclose certain information.
2) An integer overflow error in the ActionScript Virtual Machine (AVM) when parsing the "method_body_info" structure can be exploited to potentially execute arbitrary code.
3) An unspecified error can be exploited to corrupt memory.
4) A boundary error within certain ActionScript functions can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code.
5) A third unspecified error can be exploited to corrupt memory.
6) A fourth unspecified error can be exploited to corrupt memory.
7) A boundary error can be exploited to potentially execute arbitrary code.
8) A second boundary error can be exploited to potentially execute arbitrary code.
9) A third boundary error can be exploited to potentially execute arbitrary code.
10) A fourth boundary error can be exploited to potentially execute arbitrary code.
11) An unspecified error can be exploited to corrupt memory.

SOLUTION:

Adobe recommends users of Adobe Flash Player 10.2.159.1 and earlier versions (Adobe Flash Player 10.2.154.28 and earlier versions for Chrome users) for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.181.14. Adobe recommends users of Adobe Flash Player 10.2.157.51 and earlier versions for Android update to Adobe Flash Player 10.3.185.21.
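
A fleet-inventory check built from the version thresholds in this bulletin, as an added example (not code from Adobe or DOE-CIRC). The hostnames, inventory rows, platform keys and the "unlisted" status are constructed for illustration; builds are compared as integer tuples because plain string comparison misorders versions such as 9.0.280.0 and 10.2.159.1.

```python
import re

# Thresholds copied from this bulletin: (last affected build, first fixed build).
BULLETIN = {
    "desktop": ((10, 2, 159, 1), (10, 3, 181, 14)),   # Windows, Macintosh, Linux, Solaris
    "chrome":  ((10, 2, 154, 28), (10, 3, 181, 14)),  # Flash Player for Chrome users
    "android": ((10, 2, 157, 51), (10, 3, 185, 21)),
}

# Constructed inventory rows: (host, platform key, version string as collected).
SAMPLE_INVENTORY = [
    ("ws-001", "desktop", "WIN 10,2,159,1"),   # comma-separated with a platform prefix
    ("ws-002", "desktop", "10.3.181.14"),
    ("ws-003", "desktop", "9.0.280.0"),        # older major version, still affected
    ("kiosk-1", "chrome", "10.2.154.28"),
    ("kiosk-2", "chrome", "10.2.155.0"),       # between the two listed builds
    ("phone-1", "android", "10.3.181.14"),     # desktop fix build is below the Android one
]

def parse_version(text):
    """Return a 4-tuple of ints from '10.2.159.1' or 'WIN 10,2,159,1'."""
    m = re.search(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", text)
    if not m:
        raise ValueError(f"no four-part version in {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(platform, version_text):
    """Classify one installation against the bulletin's thresholds."""
    last_affected, first_fixed = BULLETIN[platform]
    v = parse_version(version_text)
    if v <= last_affected:
        return "affected"
    if v >= first_fixed:
        return "fixed"
    return "unlisted"  # the bulletin makes no statement about builds in between

def report(inventory):
    return {host: triage(platform, ver) for host, platform, ver in inventory}

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(host, status)
```

Hosts reported as "unlisted" need a manual check against the vendor advisory rather than being assumed safe.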

Adobe Flash Player support and download
Reference to prior DOE-CIRC Tech Bulletin T-627