U-104: Adobe Flash Player Multiple Vulnerabilities

February 16, 2012 - 6:30am

PROBLEM:

Adobe Flash Player Multiple Vulnerabilities

PLATFORM:

Adobe Flash Player versions 11.1.102.55 and prior for Windows, Macintosh, Linux, and Solaris
Adobe Flash Player versions 11.1.112.61 and prior for Android 4.x
Adobe Flash Player versions 11.1.111.5 and prior for Android 3.x and prior

ABSTRACT:

Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

REFERENCE LINKS:

Adobe Security Bulletin
Secunia Advisory 48033

IMPACT ASSESSMENT:

High

DISCUSSION:

Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

1) An unspecified error in an ActiveX Control can be exploited to corrupt memory. CVE-2012-0751
2) A type confusion error can be exploited to corrupt memory. CVE-2012-0752
3) An unspecified error related to MP4 parsing can be exploited to corrupt memory. CVE-2012-0753
4) An unspecified error can be exploited to corrupt memory. CVE-2012-0754
5) An unspecified error can be exploited to bypass certain security restrictions. CVE-2012-0755
6) An unspecified error can be exploited to bypass certain security restrictions. CVE-2012-0756

Successful exploitation of the vulnerabilities #1 through #6 may allow execution of arbitrary code.

7) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. CVE-2012-0767

NOTE: This vulnerability is reportedly being actively exploited in targeted attacks.

IMPACT:

Security Bypass, Cross-Site Scripting, System Access

SOLUTION:

Flash Player 11.1.102.55 and earlier: update to 11.1.102.62, available from Flash Player Download Center
Flash Player 11.1.102.55 and earlier, network distribution: update to 11.1.102.62, available from Flash Player Licensing
Flash Player 11.1.112.61 and earlier for Android 4.x: update to 11.1.115.6, available from Android Marketplace (browse to on an Android device)
Flash Player 11.1.111.5 and earlier for Android 3.x and 2.x: update to 11.1.111.6, available from Android Marketplace (browse to on an Android device)
Flash Player 11.1.102.55 and earlier for Chrome users: update to 11.1.102.62, available from Google Chrome Releases
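
Added example (not part of the original bulletin): a small inventory check that flags Flash Player installs older than the fixed versions listed above, comparing the four version fields numerically. The platform labels, hostnames and inventory rows are constructed for illustration, and treating every version below the fixed release as needing an update is an assumption.

```python
# Added example: flag Flash Player installs that predate the fixed releases
# listed in this bulletin. Platform labels and inventory rows are constructed.

# Fixed versions from the Solution section, keyed by a hypothetical label.
FIXED = {
    "desktop": (11, 1, 102, 62),   # Windows, Macintosh, Linux, Solaris, Chrome
    "android4": (11, 1, 115, 6),   # Android 4.x
    "android3": (11, 1, 111, 6),   # Android 3.x and 2.x
}


def parse_version(text):
    """Turn '11.1.102.55' into (11, 1, 102, 55) so fields compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)


def needs_update(platform, version):
    """True when the installed version is older than the fixed release."""
    if platform not in FIXED:
        raise ValueError(f"unknown platform label: {platform!r}")
    return parse_version(version) < FIXED[platform]


def audit(rows):
    """Return (host, platform, version, status) for every inventory row."""
    report = []
    for host, platform, version in rows:
        try:
            status = "UPDATE" if needs_update(platform, version) else "ok"
        except ValueError as exc:
            status = f"review: {exc}"  # never silently pass unparseable data
        report.append((host, platform, version, status))
    return report


# Constructed inventory (hostnames and versions are made up for illustration).
SAMPLE = [
    ("ws-01", "desktop", "11.1.102.55"),
    ("ws-02", "desktop", "11.1.102.62"),
    ("ws-03", "desktop", "11.1.102.9"),  # a string compare would rank this above .62
    ("tab-01", "android4", "11.1.112.61"),
    ("tab-02", "android3", "11.1.111.6"),
    ("ws-04", "desktop", "unknown"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Rows whose version cannot be parsed are reported for manual review rather than counted as patched.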