Security Advisory Security Advisory for Adobe Flash Date 2009-23

Reviews

Shared by: oas111

Tags

adobe reader, adobe flash player, security advisory, adobe products, adobe acrobat, the adobe, critical vulnerability, release date, adobe flash, swf file, cve number, code execution, dll file, remote code, multimedia support

Stats

views:: 2
rating:: not rated
reviews:: 0
posted:: 11/3/2009
language:: English
pages:: 0

Public Domain

Security Advisory Security Advisory for Adobe Flash Date: 2009-23-07 Relevant CVEs: CVE-2009-2862, CVE-2009-1580 Vendor Confirmation: http://www.adobe.com/support/security/advisories/apsa09-03.html Details: Unpatched vulnerabilities in Adobe Flash 10.0.22.87 and earlier, 9.0.139.0 and earlier, and 9.1.2 and earlier, Adobe Reader 9, and Adobe Acrobat 9 are being used to infect machines with malicious software after a user visits webpage or opens a PDF containing a compromised Flash applet. It is advised to disable vulnerable Adobe products or to use the Mozilla Firefox extension noscript to reduce this risk. Microsoft Windows, Mac OS X, GNU/Linux (and other Unix-based variants) are affected. Solutions: The following recommendations will mitigate this risk:1 • • Mozilla Firefox users should take a proactive approach and limit which websites can execute Adobe Flash applets. This can be solved using the noscript extension. Remove vulnerable Adobe products until an updated version corrects this problem. Adobe Reader and Adobe Acrobat can be disabled with the following steps:2 Microsoft Windows users, delete or rename the following files: “%ProgramFiles%\Adobe\Reader 9.0\authplay.dll” and “%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll” Apple Mac OS X, delete or rename the following files: “/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle” and “/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework” GNU/Linux users, delete or rename the following files (Location may be different depending on the distribution and installation method): “/opt/Adobe/Reader9/Reader/intelllinux/lib/libauthplay.so” and “/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so” For additional information about this risk to the SIUC community, contact the SIUC Network Security Team by email at security@siu.edu. 1 US-CERT, e-mail to US-CERT Technical Alert mailing list, July 27, 2009, http://www.uscert.gov/cas/techalerts/TA09-204A.html. 2 U.S. Department of Homeland Security. US-CERT. 2009. Vulnerability Note VU#259425: Adobe Flash vulnerability affects Flash Player and other Adobe products. http://www.kb.cert.org/vuls/id/259425.