US-CERT Technical Cyber Security Alert TA09-204A -- Adobe Flash Vulnerability Affects Flash Player and Other Adobe Products

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                    National Cyber Alert System

              Technical Cyber Security Alert TA09-204A


Adobe Flash Vulnerability Affects Flash Player and Other Adobe Products

   Original release date: July 23, 2009
   Last revised: --
   Source: US-CERT


Systems Affected

     * Adobe Flash Player 10.0.22.87 and earlier 10.x versions
     * Adobe Flash Player 9.0.159.0 and earlier 9.x versions
     * Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions


Overview

   Adobe has released Security advisory APSA09-03, which describes a
   vulnerability affecting Adobe Flash. Other Adobe applications that
   include the Flash runtime, such as Adobe Reader 9, are also
   affected.


I. Description

   Adobe Security Advisory APSA09-03 describes a vulnerability
   affecting the Adobe Flash player. Flash player version 10.0.22.87
   and earlier 10.x versions as well as Flash player version 9.0.159.0
   and earlier 9.x versions are affected.
   
   An attacker could exploit this vulnerability by convincing a user
   to visit a website that hosts a specially crafted SWF file. The
   Adobe Flash browser plugin is available for multiple web browsers
   and operating systems, any of which could be affected. An attacker
   could also create a PDF document that has an embedded SWF file to
   exploit the vulnerability.
   
   This vulnerability is being actively exploited.


II. Impact

   This vulnerability allows a remote attacker to execute arbitrary
   code as the result of a user viewing a web page or opening a PDF
   document.


III. Solution

   These vulnerabilities can be mitigated by disabling the Flash
   plugin or by using the NoScript extension for Mozilla Firefox or
   SeaMonkey to whitelist websites that can access the Flash plugin.
   For more information about securely configuring web browsers,
   please see the Securing Your Web Browser document. US-CERT
   Vulnerability Note VU#259425 has additional details, as well as
   information about mitigating the PDF document attack vector.
   
   Thanks to Department of Defense Cyber Crime Center/DCISE for
   information used in this document.


IV. References

 * Vulnerability Note VU#259425 -
   <http://www.kb.cert.org/vuls/id/259425>

 * Security advisory for Adobe Reader, Acrobat and Flash Player -
   <http://www.adobe.com/support/security/advisories/apsa09-03.html>

 * Securing Your Web Browser -
   <http://www.us-cert.gov/reading_room/securing_browser/>

 * NoScript - <https://addons.mozilla.org/addon/722>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA09-204A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@xxxxxxxx> with "TA09-204A Feedback VU#259425" in
   the subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2009 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History
  
  July 23, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSminMXIHljM+H4irAQJL/Af+OIfCigCk+Fq8RRD5OgNDE/hHMOLaTw9E
PX03+Om4N7tMTuuQvrTBhnZeZANGJwevmVwRGrsQ84PgRLwnEJAd6+MIm44zN4CS
hq5G1yQfC8dTBeYGDwrxWmMDFKZaLMapIqtdEfUxUMxUEJcm4q2slcl82n3/VRGN
wp7issDRg2uDuQQ5G5pLlHS8JchndHWbmFTt501XV0LGf7NiHAYq4hQ650AuVbJK
o2u/LM6OGbFf1NYSfRSSPo0TzQ5D31BEjPnkcZWtvOykJM42cvLppCVg2fnCqgrc
4jnhTtdxn9RUKVeLHeEpC0dWMrOTvqnu2BSc92XNAHpryts8fbp/ew==
=8pdb
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux