added April 12, 2011 at 10:39 am | updated April 12, 2011 at 02:00 pm
Adobe has released security advisory APSA11-02 to alert users of a vulnerability affecting the following Adobe products:
- Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris * Flash Player 10.2.154.25 and earlier versions for Chrome * Flash Player 10.2.156.12 and earlier versions for Android * the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh.
Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
The Adobe advisory indicates that this vulnerability is currently being exploited in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment. However, the method of attack can change at any time.
At this time, Adobe has not released a fix to mitigate this vulnerability. US-CERT encourages users and administrators to do the following to help mitigate the risks until a fix becomes available:
- Review Adobe security advisory APSA11-02. * Exercise caution when opening unsolicited email attachments. * Refer to the Using Caution with Email Attachments Cyber Security Tip for more information on safely handling email attachments.
Additional information can be found in US-CERT Vulnerability Note VU#230057. US-CERT will provide additional details as they becomes available.
US-CERT Vulnerability Note VU#230057
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat