CERT-MU :Vulnerability

Home | Search | FAQ | Site Map | Contact Us

|| Hotline : 800 2378 || To contact CERT-MU send e-mail on --> info[at]cert-mu.gov.mu || To report incident e-mail on --> incident[at]cert-mu.gov.mu || To report Vulnerabilities send e-mail on --> Vulnerability[at]cert-mu.gov.mu ||

Charter & Mission

CERT-MU Services

Constituency

Authority

Incident Reporting

Vulnerability Reporting

Incident Statistics Forms

Vol.3, Issue 1

Vol.2, Issue 3

Vol.2, Issue 2

Vol.2, Issue 1

Vol.1, Issue 1

World CERTs

Security Sites

Security Tools

Antivirus Resources

Email Abuse

Network Abuse

Anti-Spam Initiative

Cyber Security Portal

Safer Internet Day

Computer Security Day

National Computer Board

Authorized to use CERT(TM) - CERT is a mark owned by Carnegie Mellon University

CERT-MU Vulnerability Note VN-2012-109

Adobe Flash Player Object Confusion Flaw Lets Remote Users Execute Arbitrary Code

Original Issue Date: May 04, 2012

Severity Rating: High

Systems Affected:

Adobe Flash Player version 11.2.202.233 and earlier
Adobe Flash Player version 11.1.102.63 and earlier - network distribution
Adobe Flash Player version 11.1.115.7 and earlier for Android 4.x
Adobe Flash Player version 11.1.111.8 and earlier for Android 3.x and 2.x

Description

A vulnerability has identified in Adobe Flash Player and it has been exploited by remote attackers to cause execution of arbitrary code on the affected system. This vulnerability exists because of a confusion flaw that when loaded by a target user, will allow remote attacker to trigger the flaw and execute arbitrary code. The code will run with the privileges of the user. This vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only.

Solution

Users are advised to apply updates.

More information about the updates is available on:

http://www.adobe.com/support/security/bulletins/apsb12-09.html

Vendor Information

Adobe

www.adobe.com

CVE Information

CVE-2012-0779

References

Adobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb12-09.html

Security Tracker
http://www.securitytracker.com/id/1027023

Secunia
http://secunia.com/advisories/49096/

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email:

Hotline:

800 2378

Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis