U-035: Adobe Flash Player Multiple Vulnerabilities

November 14, 2011 - 10:15am

PROBLEM:

Adobe Flash Player Multiple Vulnerabilities.

PLATFORM:

Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
Adobe Flash Player 11.0.1.153 and earlier versions for Android
Adobe AIR 3.0 and earlier versions for Windows, Macintosh, and Android

ABSTRACT:

Adobe recommends users of Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.55. Users of Adobe Flash Player 11.0.1.153 and earlier versions for Android should update to Adobe Flash Player 11.1.102.59 for Android. Users of Adobe AIR 3.0 for Windows, Macintosh, and Android should update to Adobe AIR 3.1.0.4880.

REFERENCE LINKS:

APSB11-28
Secunia Advisory: SA46818
Adobe Flash Player update

IMPACT ASSESSMENT:

High

Discussion:

Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Impact:

Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
1) An unspecified error can be exploited to corrupt memory.
2) An unspecified error can be exploited to cause a heap-based buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) An unspecified error can be exploited to corrupt memory.
5) An unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to corrupt memory.
7) An unspecified error can be exploited to corrupt memory.
8) An unspecified error can be exploited to cause a buffer overflow.
9) An unspecified error can be exploited to cause a stack-based buffer overflow.
10) An unspecified error can be exploited to bypass the cross-domain policy.
Note: This vulnerability affects users running Internet Explorer only.
11) An unspecified error can be exploited to corrupt memory.
12) An unspecified error can be exploited to corrupt memory.
Successful exploitation of vulnerabilities #1 through #9, #11, and #12 may allow execution of arbitrary code.

Solution:

Update to a fixed version.
Adobe recommends users of Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.55. Users of Adobe Flash Player 11.0.1.153 and earlier versions for Android should update to Adobe Flash Player 11.1.102.59 for Android. Users of Adobe AIR 3.0 for Windows, Macintosh, and Android should update to Adobe AIR 3.1.0.4880.
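
The following is an added example, not part of the original bulletin or any Adobe tooling: a version check that triages a software inventory against the fixed builds listed above. It assumes any build below the fixed version needs the update; the host names, inventory rows and the acceptance of comma-separated version strings are constructed for illustration.

```python
# Added example (not from Adobe or the bulletin): flag installs below the fixed builds.
FLASH_DESKTOP = "11.1.102.55"
FIXED = {  # (product, platform) -> fixed build named in the bulletin
    **{("flash", p): FLASH_DESKTOP for p in ("windows", "macintosh", "linux", "solaris")},
    ("flash", "android"): "11.1.102.59",
    **{("air", p): "3.1.0.4880" for p in ("windows", "macintosh", "android")},
}

def parse_version(text):
    """Turn '11.0.1.152' (or the comma form '11,0,1,152') into a 4-int tuple."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) > 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # '3.0' -> (3, 0, 0, 0)

def triage(product, platform, version):
    fixed = FIXED.get((product.lower(), platform.lower()))
    if fixed is None:
        return "not-covered"       # combination not listed in the bulletin
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown-version"   # route to manual review, never report as "ok"
    # Compare numerically: as strings, '11.1.102.9' would sort above '11.1.102.55'.
    return "update-required" if installed < parse_version(fixed) else "ok"

# Constructed sample inventory: (host, product, platform, reported version).
INVENTORY = [
    ("ws-001", "flash", "Windows", "11.0.1.152"),
    ("ws-002", "flash", "Linux", "11.1.102.55"),
    ("tab-01", "flash", "Android", "11.1.102.55"),  # below the Android fix .59
    ("mac-07", "air", "Macintosh", "3.0"),
    ("ws-003", "flash", "Windows", "11,1,102,55"),
    ("srv-09", "flash", "Solaris", "unknown"),
]

def hosts_needing_update(inventory=INVENTORY):
    return [host for host, prod, plat, ver in inventory
            if triage(prod, plat, ver) == "update-required"]

if __name__ == "__main__":
    for host, prod, plat, ver in INVENTORY:
        print(f"{host:8} {prod:5} {plat:10} {ver:14} {triage(prod, plat, ver)}")
```

Note that the Android fixed build (11.1.102.59) is higher than the desktop one (11.1.102.55), so a single threshold for all platforms would miss Android devices still on 11.1.102.55.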