added March 15, 2011 at 10:29 am Adobe has released a security advisory to alert users of a vulnerability affecting the following products:
- Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux, and Solaris * Adobe Flash Player 10.2.154.18 and earlier versions for Google Chrome users * Adobe Flash Player 10.1.106.16 and earlier versions for Android * The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh.
Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. At this time, the vendor has not released a fix for this vulnerability. The Adobe advisory indicates that this vulnerability is being actively exploited via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.
Adobe has indicated that it expects to release a fix for this vulnerability during the week of March 21, 2011. In the interim, users and administrators are encouraged to implement the following workarounds to help reduce the risks.
Additional information regarding this vulnerability, including detailed workaround instructions, can be found in US-CERT Vulnerability Note VU#192052. US-CERT will provide additional information as it becomes available.
US-CERT Vulnerability Note VU#192052
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat