  CERT-MU Vulnerability Note VN-2010-13

Adobe Flash Player, Acrobat Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability

Original Issue Date: June 8, 2010

Severity Rating: High

Systems Affected

  • Adobe Flash Player 10.0.45.2
  • Adobe Flash Player 9.0.262
  • Adobe Flash Player 10.0.x
  • Adobe Flash Player 9.0.x and earlier
  • Adobe Reader and Acrobat 9.3.2
  • Adobe Reader and Acrobat 9.x and earlier

Overview

A vulnerability has been reported in Adobe Flash Player, Acrobat Reader, and Acrobat that could allow a remote attacker to execute code and take complete control of systems running vulnerable versions of these Adobe products.

Description

This vulnerability is caused by a vulnerable component, "authplay.dll", of Adobe Reader and Acrobat. It could be exploited by sending users a specially crafted PDF file or enticing them to open one. Successful exploitation could allow remote attackers to execute arbitrary code and take complete control of systems running vulnerable versions of the Adobe products. It has been reported that this vulnerability is being exploited in the wild and that the exploit is detected as PDF/Pidief.RP.

Workarounds

  • Delete the vulnerable component “authplay.dll”
  • Do not open PDF files received from untrusted and unknown sources
  • Do not open PDF files received unexpectedly from trusted sources
  • Disable JavaScript and ActiveX scripting in the browser settings
  • Exercise caution while visiting websites
  • Disable the display and automatic opening of PDF documents in the web browser
  • Install Adobe Flash Player 10.1 Release Candidate
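
The first workaround above can be applied consistently across an installation tree with a small audit script. This is an added example, not part of the CERT-MU note or Adobe's guidance; the root directory is supplied by the operator, and renaming the file to `authplay.dll.disabled` instead of deleting it is this example's own choice so the change can be reversed after patching.

```python
import os
import sys

TARGET = "authplay.dll"  # component named in this advisory


def find_component(root, name=TARGET):
    """Return sorted paths under root whose file name equals name, ignoring case."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fname in files:
            if fname.lower() == name.lower():
                hits.append(os.path.join(dirpath, fname))
    return sorted(hits)


def disable_component(path, suffix=".disabled"):
    """Rename the file so it can no longer be loaded by name; return the new path.

    Assumption of this example: rename (reversible) rather than delete.
    """
    new_path = path + suffix
    if os.path.exists(new_path):
        raise FileExistsError(new_path)
    os.rename(path, new_path)
    return new_path


def apply_workaround(root, dry_run=True):
    """Report every copy found and rename it unless dry_run; return (path, status) pairs."""
    results = []
    for path in find_component(root):
        if dry_run:
            results.append((path, "found"))
            continue
        try:
            disable_component(path)
            results.append((path, "disabled"))
        except OSError as exc:  # file in use, insufficient privileges, name clash
            results.append((path, "failed: %s" % exc))
    return results


if __name__ == "__main__":
    # Usage: python audit_authplay.py <install-root> [--apply]
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    apply = "--apply" in sys.argv[2:]
    for path, status in apply_workaround(root, dry_run=not apply):
        print(status, path)
```

Run it without `--apply` first to list every copy, and close Reader and Acrobat before applying so the file is not locked.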

Solution

Install Adobe Flash Player 10.1 Release Candidate as suggested in APSA-10-01.

Vendor Information

Adobe Security Bulletin
http://www.adobe.com/support/security/advisories/apsa10-01.html

References

SecurityFocus
http://www.securityfocus.com/bid/40586

McAfee
http://community.mcafee.com/servlet/JiveServlet/downloadBody/1524-102-2-1527/MTIS10-107.pdf

CA Technologies
http://community.ca.com/blogs/securityadvisor/archive/2010/06/06/zero-day-attack-in-adobe-products.aspx

CVE Name
CVE-2010-1297

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

 
 
 
 
 

Last Updated 20-Jul-2011

10-Jul-2011