CERT-MU Vulnerability Note
Adobe Flash Player Object Confusion Flaw Lets Remote Users Execute Arbitrary Code
Original Issue Date:
May 04, 2012
Severity Rating: High
- Adobe Flash Player version 220.127.116.11 and earlier
- Adobe Flash Player version 18.104.22.168 and earlier - network distribution
- Adobe Flash Player version 22.214.171.124 and earlier for Android 4.x
- Adobe Flash Player version 126.96.36.199 and earlier for Android 3.x and 2.x
A vulnerability has identified in Adobe Flash Player and it has been exploited by remote attackers to cause execution of arbitrary code on the affected system. This vulnerability exists because of a confusion flaw that when loaded by a target user, will allow remote attacker to trigger the flaw and execute arbitrary code. The code will run with the privileges of the user. This vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only.
Users are advised to apply updates.
More information about the updates is available on:
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street