Adobe Flash Player Remote Code Execution Vulnerability

Affected Systems:
Adobe Acrobat 10.0.2
Adobe Acrobat
Adobe Flash Player <= 10.2.156.12 for Android
Adobe Flash Player <= 10.2.154.25 for Chrome
Adobe Flash Player <= 10.2.153.1 for Windows and Mac
Adobe Reader
Adobe AIR <= 2.6.19120
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 47314
CVE ID: CVE-2011-0611

Adobe Flash Player is an integrated multimedia player that allows you to enjoy a wider multimedia experience on the Web. It displays and plays multimedia content ranging from thousands of highly interactive games to multimedia user interfaces with audio stream requirements, including live concerts and broadcasts.

Adobe Flash Player has a vulnerability in object type processing. A remote attacker can exploit this vulnerability by tricking a user into opening a web page or Office file that contains a malicious SWF file, which executes arbitrary commands on the user's system and gives the attacker complete control of the affected system.

An object method of Adobe Flash Player does not correctly identify the object type when the object is referenced. Triggering the vulnerability transfers execution to an address that the attacker can control; by carefully constructing data in memory and combining this with heap spraying and other techniques, the attacker can execute arbitrary commands.

<* Source: Mila Parkour

Link: http://www.adobe.com/support/security/bulletins/apsb11-07.html
*>

Suggestion:
--------------------------------------------------------------------------------
Temporary solution:

* Do not open any Office documents from unknown sources, especially Word and Excel files.

* Use the Enhanced Mitigation Experience Toolkit (EMET) provided by Microsoft to protect applications that attackers may target, such as IE, Word, and Excel. Although EMET cannot prevent the vulnerability from being triggered, it can largely prevent the vulnerability from being exploited.

EMET is a utility used to prevent software vulnerabilities from being exploited.

Download the Enhanced Mitigation Experience Toolkit from the following URL:
http://go.microsoft.com/fwlink?LinkID=200220&clcid=0x409

Run EMET after installation. Click "Configure Apps" on the main window, then click "Add" in the dialog box and browse to the installation directory of IE (usually C:\Program Files\Internet Explorer\). Select iexplore.exe and click "Open"; IE is added to the list of protected applications. Click "OK". If IE is running, restart it. Add other applications to protection in the same way.

Vendor patch:

Adobe
-----
Adobe has released a Security Bulletin (APSB11-07) and patches for this issue:

APSB11-07: Security update available for Adobe Flash Player

Link: http://www.adobe.com/support/security/bulletins/apsb11-07.html
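
An added example (not from Adobe or the original advisory): a Python script that triages a software inventory against the version ceilings in the Affected Systems list above, to find hosts that still need the APSB11-07 update. The inventory rows, host names and verdict labels are constructed for illustration; Acrobat and Reader are sent to manual review because the list gives no upper version bound for them.

```python
import re

# Highest affected version per (product, platform), taken from "Affected Systems".
AFFECTED_MAX = {
    ("flash player", "android"): "10.2.156.12",
    ("flash player", "chrome"): "10.2.154.25",
    ("flash player", "windows"): "10.2.153.1",
    ("flash player", "mac"): "10.2.153.1",
    ("air", "any"): "2.6.19120",
}
# Listed on the page without a version ceiling, so they need manual review.
NO_CEILING = {"acrobat", "reader"}

def parse_version(text, width=4):
    """'10.2.153.1' -> (10, 2, 153, 1), zero-padded; ValueError if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,%d}" % (width - 1), text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def classify(product, platform, version):
    """Return 'affected', 'not-affected', 'review' or 'unknown'."""
    product, platform = product.strip().lower(), platform.strip().lower()
    if product in NO_CEILING:
        return "review"
    ceiling = AFFECTED_MAX.get((product, platform), AFFECTED_MAX.get((product, "any")))
    if ceiling is None:
        return "unknown"  # product/platform pair not covered by the advisory
    try:
        installed = parse_version(version)
    except ValueError:
        return "review"  # unparseable version: do not silently pass it
    # Tuple comparison is numeric per component, unlike string comparison.
    return "affected" if installed <= parse_version(ceiling) else "not-affected"

# Constructed sample inventory: (host, product, platform, version).
INVENTORY = [
    ("ws-01", "Flash Player", "Windows", "10.2.153.1"),
    ("ws-02", "Flash Player", "Mac", "10.2.200.1"),
    ("ws-03", "Flash Player", "Chrome", "10.2.99.4"),
    ("ph-01", "Flash Player", "Android", "10.2.156.12"),
    ("ws-04", "AIR", "Windows", "2.6.19200"),
    ("ws-05", "Reader", "Windows", "unknown"),
    ("ws-06", "Flash Player", "Linux", "10.2.153.1"),
]

def triage(rows=INVENTORY):
    return {host: classify(prod, plat, ver) for host, prod, plat, ver in rows}

if __name__ == "__main__":
    for host, verdict in triage().items():
        print(f"{host}: {verdict}")
```

The ws-03 row shows why versions are compared as integer tuples: as strings, "10.2.99.4" sorts after "10.2.154.25" and the host would be missed.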
