F-Secure
Tools
Adobe Flash Player 10.2.153.1 Security Update
| Report ID: | SA201106596 |
| Source: | F-Secure |
| Date of Discovery: | 22.03.2011 |
| Criticality: | Critical |
| Affects: | Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux and Solaris Adobe Flash Player 10.2.154.18 and earlier for Chrome Adobe Flash Player 10.1.106.16 and earlier for Android Adobe AIR 2.5.1 and earlier for Windows, Macintosh and Linux |
| Compromise From: | From remote |
| Compromise Type: | Remote code execution |
Summary
A security update for Adobe Flash Player has been released to address a vulnerability that could cause application crash and potentially allow remote code execution on an affected system.
Detailed Description
Adobe has issued a security update, following a reported vulnerability in Adobe Flash Player that could lead to application crash and remote code execution.
There are reports on the vulnerability being exploited in the wild, using a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an e-mail attachment.
This issue has been resolved in the update, thus, users are recommended to update to the latest version of applicable product.
Solution
Install the latest update for applicable product version, available from the following sources:
• Flash Player Download Center (Flash Player 10.2.152.33 and earlier)
• Flash Player Licensing (Flash Player 10.2.152.33 and earlier - network distribution)
• Android Marketplace (Flash Player 10.1.106.16 and earlier for Android)
• Google Chrome Releases (Google Chrome)
• AIR Download Center (AIR 2.5.1)
Original Reference
APSB11-05: Security update available for Adobe Flash Player (http://www.adobe.com/support/security/bulletins/apsb11-05.html)
CVE Reference
CVE-2011-0609