Monday, March 14, 2011

New Critical 0-day Flash Vulnerability Exploited Via Excel Attachments

Adobe today released a new security advisory for Adobe Flash Player, Adobe Reader and Acrobat. All three applications are affected by a critical 0-day vulnerability that is exploited via Excel email attachments. Vulnerable versions are Adobe Flash Player 10.2.154.33 and earlier for all supported desktop operating systems, Adobe Flash Player 10.1.106.16 and earlier for Android, and Adobe Reader and Acrobat X, 10.x and 9.x for Windows and Macintosh.

Adobe has confirmed reports that the vulnerability is actively exploited via SWF files embedded in Microsoft Excel files that are delivered as email attachments. A successful exploit causes a crash of the application and could give an attacker control over the computer system.

A security fix is in the final stages of development, and Adobe estimates that it can be distributed during the next week. Computer users for now should be very cautious when they receive emails with Excel attachments, especially if the sender is unknown. It may be a good idea to open the documents online, for instance via Google Docs instead of a desktop client to block potential attacks.
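As a triage aid for the delivery method described above, the following added example (not from the original article or from Adobe) heuristically flags Flash content inside a spreadsheet attachment by looking for SWF headers. It goes beyond the article by also unpacking zip-based .xlsx files; the function names, the version bound and the sample bytes are assumptions constructed for illustration.

```python
import io
import struct
import zipfile
import zlib

SWF_MAGICS = (b"FWS", b"CWS")  # uncompressed / zlib-compressed SWF signatures


def _scan_blob(blob, origin):
    """Yield (origin, offset, magic, version, declared_len) for plausible SWF headers."""
    for magic in SWF_MAGICS:
        pos = blob.find(magic)
        while pos != -1:
            header = blob[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                declared_len = struct.unpack("<I", header[4:8])[0]
                # Assumed sanity bounds to cut false positives on random bytes.
                plausible = 1 <= version <= 60 and declared_len > 8
                if plausible and magic == b"CWS":
                    # A compressed SWF body must begin with a valid zlib stream.
                    try:
                        zlib.decompressobj().decompress(blob[pos + 8:pos + 72])
                    except zlib.error:
                        plausible = False
                if plausible:
                    yield (origin, pos, magic.decode(), version, declared_len)
            pos = blob.find(magic, pos + 1)


def find_embedded_swf(data):
    """Return sorted SWF header hits in a legacy (.xls) or zip-based (.xlsx) file."""
    hits = list(_scan_blob(data, "<raw>"))
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                hits.extend(_scan_blob(zf.read(name), name))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample: OLE2 magic, padding, then a minimal fake SWF header.
    swf = b"FWS" + bytes([10]) + struct.pack("<I", 21) + b"\x00" * 13
    sample = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24 + swf
    for hit in find_embedded_swf(sample):
        print("possible embedded SWF:", hit)
```

A hit only means the attachment carries Flash content and deserves closer inspection before anyone opens it in a desktop client; it does not identify this specific exploit.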

Protected Mode of Adobe Reader X mitigates the issue according to Adobe, so that the security fix for that version will be delivered with the quarterly security update that is scheduled for June 14.

In short:

  • All Flash Player versions 10 are affected for all supported desktop and mobile operating systems.
  • All versions of Adobe Reader and Acrobat X, 10 and 9 are affected.
  • The vulnerability is exploited via Excel email attachments that have a Flash file embedded.
  • A patch will be delivered in the next week.

Additional information is available in the Security Advisory on Adobe's website.



Author: Martin Brinkmann, Monday March 14, 2011



Responses so far:

  1. I really can't wait until HTML5 is more widely adopted so that I can dump this junk called Adobe Flash. Are there any viable alternatives coming out to replace the PDF format?
