Yet another Adobe Flash/Reader/Acrobat 0 day
Adobe announced that a so-far unpatched vulnerability has been used in recent targeted attacks [1].
Flash Player 10.2.153.1 is vulnerable, as is the Flash Player component used to execute Flash content in Adobe Reader / Acrobat. Adobe Reader X is vulnerable but not exploitable.
At this time, according to Adobe, the attack is performed using Flash files embedded in Word documents.
Note that Flash may also be embedded in other Office document formats, such as Excel. Adobe is not planning an out-of-band patch at this point, as Adobe Reader X is not exploitable.
[1] http://www.adobe.com/support/security/advisories/apsa11-02.html
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
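A triage check for the delivery method described above (Flash content embedded in Word or Excel files), as an added example that is not part of the original diary or of Adobe's advisory: it looks for the Shockwave Flash ActiveX class ID, its ProgID and SWF headers in a document's bytes. The function names and the sample document are constructed for illustration.

```python
import io, re, struct, uuid, zipfile, zlib

# Class ID of the Shockwave Flash ActiveX control; OLE stores it as a mixed-endian GUID.
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11CF-96B8-444553540000")
PROGID = b"ShockwaveFlash.ShockwaveFlash"
SWF_HDR = re.compile(rb"(FWS|CWS)([\x01-\x20])(.{4})", re.DOTALL)

def scan_bytes(data, where="file"):
    """Return indicator strings for one buffer (a whole file or one ZIP member)."""
    hits = []
    if FLASH_CLSID.bytes_le in data:
        hits.append(f"{where}: binary Flash CLSID")
    if str(FLASH_CLSID).encode() in data.lower():
        hits.append(f"{where}: text Flash CLSID")
    if PROGID in data or PROGID.decode().encode("utf-16-le") in data:
        hits.append(f"{where}: Flash ProgID")
    for m in SWF_HDR.finditer(data):
        length = struct.unpack("<I", m.group(3))[0]
        # FWS: the declared length must fit; CWS: a zlib stream must follow the header.
        if m.group(1) == b"FWS":
            ok = 21 <= length <= len(data) - m.start()
        else:
            ok = length >= 21 and data[m.end():m.end() + 1] == b"\x78"
        if ok:
            hits.append(f"{where}: SWF header {m.group(1).decode()} v{m.group(2)[0]} at {m.start()}")
    return hits

def flash_indicators(doc):
    """Scan a legacy (OLE) or OOXML (ZIP) Office document given as bytes."""
    if doc[:4] == b"PK\x03\x04":  # .docx/.xlsx/.pptx: scan each decompressed part
        with zipfile.ZipFile(io.BytesIO(doc)) as z:
            return [h for n in z.namelist() for h in scan_bytes(z.read(n), n)]
    return scan_bytes(doc)

def build_sample(with_flash):
    """Constructed test input: a minimal ZIP shaped like a .docx, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_flash:
            swf = b"CWS\x0a" + struct.pack("<I", 64) + zlib.compress(b"\x00" * 56)
            z.writestr("word/activeX/activeX1.bin", FLASH_CLSID.bytes_le + swf)
    return buf.getvalue()

if __name__ == "__main__":
    for hit in flash_indicators(build_sample(True)):
        print(hit)
```

A hit means the document carries or references Flash content and deserves a closer look, not that it is malicious; a legacy .doc/.xls with compressed or fragmented streams can also hide a SWF from a raw byte scan.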
Comments
sbass
Apr 11th 2011
1 decade ago
cscott
Apr 11th 2011
1 decade ago
"We are in the process of finalizing a schedule for delivering updates for Flash Player 10.2.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.2) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh. Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011."
If I remember correctly, protected mode in Mac OS X is not fully implemented. May be useful but cannot remember offhand. -->
http://learn.adobe.com/wiki/display/security/Protected+Mode+FAQ
drStrangeP0rk
Apr 11th 2011
1 decade ago
Ottmar Freudenberger
Apr 12th 2011
1 decade ago
jrzmurray
Apr 12th 2011
1 decade ago
http://www.adobe.com/products/flash/about/
K-Dee
Apr 12th 2011
1 decade ago
Al of Your Data Center
Apr 12th 2011
1 decade ago
K-Dee
Apr 12th 2011
1 decade ago
http://www.adobe.com/software/flash/about/
AE1
Apr 12th 2011
1 decade ago
K-Dee
Apr 12th 2011
1 decade ago