Affected Software Versions

• Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
• Adobe Flash Player 10.2.154.18 and earlier for Chrome users
• Adobe Flash Player 10.1.106.16 and earlier for Android
• The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

Adobe has confirmed that the vulnerability is being actively exploited in the wild with the help of a .swf file embed within Excel spreadsheet.

Description

This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment. Adobe is not currently aware of attacks targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

Users can follow the Adobe PSIRT blog if they are keen on updating the vulnerability as soon as the fix is available.

© CompuWorld - because The Genius Inside You Is Still Sleeping.

Related Software Versions
Adobe Reader 7.0.8 and earlier versions
Adobe Acrobat Standard, Professional and Elements 7.0.8 and earlier versions
Adobe Acrobat 3D

Description

A cross-site scripting (XSS) vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat could allow remote attackers to inject arbitrary JavaScript into a browser session.The vulnerability could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. These vulnerabilities have been assigned a critical severity rating. A malicious file must be loaded in Adobe Reader by the end user for an attacker to exploit these vulnerabilities.

Workaround Available [via Adobe Security Advisories]

Adobe Reader on Windows
Adobe strongly recommends upgrading to Adobe Reader 8, available from the following site:
http://www.adobe.com/go/getreader.

Users with Adobe Reader 7.0 through 7.0.8, who cannot upgrade to Reader 8, should upgrade to Reader 7.0.9. Adobe Reader 7.0.9 is available as a full installation package and not a patch. It can be installed on top of any older version of Reader 7 and user preferences will be preserved:
http://www.adobe.com/go/getreader.

If customers are using Adobe Reader 6.0–6.0.5 and are unable to upgrade to version 8 or 7.0.9 due to Operating System constraints for example, Adobe recommends upgrading to version 6.0.6 either via a series of patches from: http://www.adobe.com/downloads or by using the auto-update mechanism within the product when prompted.

Adobe Reader on Mac OS
Adobe strongly recommends upgrading to Adobe Reader 8, available from the following site: http://www.adobe.com/go/getreader.

Users with Adobe Reader 7.0 through 7.0.8, who cannot upgrade to Reader 8, should upgrade to Reader 7.0.9. The Reader 7.0.9 update requires that Adobe Reader 7.0.8 is installed on your Mac system. To determine which version of Adobe Reader is installed, choose Adobe Reader > About Adobe Reader. The version number appears in the upper left corner below the Adobe Reader logo.

If version 7.0.8 is installed, download and install this incremental patch.
After downloading the update file, double-click it to begin the update process and access the file’s contents.

If version 7.0, 7.0.1, 7.0.2, 7.0.3, 7.0.5, 7.0.7 or an earlier version of Reader is installed and customers cannot update to Reader 8, Adobe recommends that customers download the full Adobe Reader 7.0.9 installer from the Reader download page.

Adobe Acrobat on Windows or Mac OS
For version 7.0–7.0.8, users should utilize the product’s automatic update facility. The default installation configuration runs automatic updates on a regular schedule, and can be manually activated by choosing Help > Check For Updates Now. Alternatively, the update files can also be manually downloaded and installed from www.adobe.com/downloads.

If customers are using Adobe Acrobat 6.0–6.0.5 for Windows and are unable to upgrade to version 8 or 7.0.9 due to Operating System constraints for example, Adobe recommends upgrading to Windows version 6.0.6 either via a series of patches from: http://www.adobe.com/downloads or by using the auto-update mechanism within the product when prompted.

Adobe Reader on UNIX
For version 7.0, users should upgrade to Adobe Reader 7.0.9 from http://www.adobe.com/go/getreader.

For versions prior to 7.0, users should upgrade to 7.0.9 http://www.adobe.com/go/getreader.

Server-side workarounds for website operators
Adobe has provided workarounds for website operators to prevent the cross-site scripting vulnerability (CVE-2007-0045) from the server side. Please review Security Advisory APSA07-02 for more information.

Related:
Vulnerability In MS Office
25th Birthday Of Virus
Hackers Attacked Gorbachev’s Website

© CompuWorld - because The Genius Inside You Is Still Sleeping.