ID: 3863
Date: 23/07/2009
Title: 3863 - Adobe Flash Player vulnerability
Platform level affected:Net Application - Client
Specific operating systems components affected: 32-bit Windows
Net-enabled software: Other
Other software: Web Browser
Remediation Summary:The manufacturer has reported a problem with this product but has yet to publish a solution. CPNI advise that additional care is exercised when using this product.
Vendors affected:Adobe
Applications affected:Adobe Flash versions 9 and 10. Adobe Reader and Acrobat 9 are affected, and other Adobe products with Flash support may be affected.
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Unknown
Potential Damage: Remote execution/modification
Possible Duration: Unknown
Availability of fix: Future
Type of fix: None
Source: US-Cert
Reliability of source: Trusted
Source URL: http://www.kb.cert.org/vuls/id/259425
Abstract: Adobe Flash contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Adobe has released a blog post indicating that they are aware of reports of a vulnerability affecting Adobe Reader and Acrobat 9.1.2 and Flash Player 9 and 10. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. An attacker may be able to trigger this vulnerability by convincing a user to open a specially crafted Flash (SWF) file. The SWF file could be hosted or embedded in a web page or contained in a Portable Document Format (PDF) file. If an attacker can take control of a website or web server, trusted sites may exploit this vulnerability.
US-CERT is currently unaware of a practical solution to address this issue. Until a fix is available, users and administrators are encouraged to implement the following workarounds until the vendor releases additional information:
For more information see
http://www.kb.cert.org/vuls/id/259425
Additional URLs:
http://isc.sans.org/diary.html?storyid=6847
http://bugs.adobe.com/jira/browse/FP-1265
http://www.avertlabs.com/research/blog/index.php
http://www.theregister.co.uk/2009/07/22/adobe_flash_attacks_go_wild/
This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.
The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.
CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.
Thu, 23 Jul 2009 00:00:00 GMT
Domain affected: Technical