|| Hotline : 800 2378 ||  To contact CERT-MU send e-mail on --> info[at]cert-mu.gov.mu ||  To report incident e-mail on --> incident[at]cert-mu.gov.mu || To report Vulnerabilities send e-mail on --> Vulnerability[at]cert-mu.gov.mu ||
    Constituency
    Authority
   Vol.3, Issue 1
   Vol.2, Issue 3
   Vol.2, Issue 2
   Vol.2, Issue 1
   Vol.1, Issue 1
    World CERTs
    Email Abuse
 
Authorized to use CERT(TM) - CERT is a mark owned by Carnegie Mellon University
 
 
 
 
 
 
 
 
 
 


   
 

CERT-MU Vulnerability Note VN-2012-109

Adobe Flash Player Object Confusion Flaw Lets Remote Users Execute Arbitrary Code

Original Issue Date: May 04, 2012

Severity Rating: High

Systems Affected:

  • Adobe Flash Player version 11.2.202.233 and earlier
  • Adobe Flash Player version 11.1.102.63 and earlier - network distribution
  • Adobe Flash Player version 11.1.115.7 and earlier for Android 4.x
  • Adobe Flash Player version 11.1.111.8 and earlier for Android 3.x and 2.x

Description

A vulnerability has identified in Adobe Flash Player and it has been exploited by remote attackers to cause execution of arbitrary code on the affected system. This vulnerability exists because of a confusion flaw that when loaded by a target user, will allow remote attacker to trigger the flaw and execute arbitrary code. The code will run with the privileges of the user. This vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only.

Solution

Users are advised to apply updates.

More information about the updates is available on:

http://www.adobe.com/support/security/bulletins/apsb12-09.html

Vendor Information

Adobe

www.adobe.com

CVE Information

CVE-2012-0779

References

Adobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb12-09.html

Security Tracker
http://www.securitytracker.com/id/1027023

Secunia
http://secunia.com/advisories/49096/

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact  Information

Email:

Hotline:

800 2378

Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis

 
 
News & Events
Computer Security Day 2012
Awareness sessions in State Secondary Schools
Workshop on Mobile Hacking
Safer Internet Day 2012
Computer Security Day 2011
Workshop on Cloud Security
 
  more...
 
Virus Alerts
RSS Feed
 
 
 

Last Updated 20-Jul-2012
Disclaimer Maintained & Hosted by NCB
This site is best viewed in 1024 x 768 resolution. Internet Explorer 6.0 +