Pages

3/27/2011

Adobe Flash Vulnerability CVE-2011-0609

Adobe Flash Vulnerability
CVE-2011-0609

Vulnerability Detail: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0609
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.106.16 and earlier on Android, and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.

Adobe Advisory
http://www.adobe.com/support/security/advisories/apsa11-01.html

Affected Versions:
Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
Adobe Flash Player 10.2.154.18 and earlier for Chrome users
Adobe Flash Player 10.1.106.16 and earlier for Android
The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.
NOTE: Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.

Adobe Patch Schedule
http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html

Metasploit Blog Post (Explanation and Example) http://blog.metasploit.com/2011/03/adobe-flash-cve-2011-0609.html

A vdo walkthrough on using this vulnerability on Metasploit by WowZataz

No comments:

Post a Comment