Adobe has released security advisory APSA11-02 to alert users of a vulnerability affecting the following Adobe products:

  • Flash Player and earlier versions for Windows, Macintosh, Linux, and Solaris
  • Flash Player and earlier versions for Chrome
  • Flash Player and earlier versions for Android * the Authplay.dll component that ships with Adobe Reader and
  • Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh.

Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

The Adobe advisory indicates that this vulnerability is currently being exploited in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment.
However, the method of attack can change at any time.

At this time, Adobe has not released a fix to mitigate this vulnerability. Vulnerbility Team encourages users and administrators to do the following to help mitigate the risks until a fix becomes available:
* Review Adobe security advisory APSA11-02.
* Exercise caution when opening unsolicited email attachments.
* Refer to the Using Caution with Email Attachments Cyber Security

REFERENCE: http://www.adobe.com/support/security/advisories/apsa11-02.html

fuente: adobe.com | us-cert.org

0 comentarios: