1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content




Adobe Flash Player 10.2.153.1 Security Update

Report ID: SA201106596
Source: F-Secure
Date of Discovery: 22.03.2011
Criticality: Critical
Affects:
Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux and Solaris
Adobe Flash Player 10.2.154.18 and earlier for Chrome
Adobe Flash Player 10.1.106.16 and earlier for Android
Adobe AIR 2.5.1 and earlier for Windows, Macintosh and Linux

Compromise From: From remote
Compromise Type: Remote code execution

Summary

A security update for Adobe Flash Player has been released to address a vulnerability that could cause application crash and potentially allow remote code execution on an affected system.

Detailed Description

Adobe has issued a security update, following a reported vulnerability in Adobe Flash Player that could lead to application crash and remote code execution.

There are reports on the vulnerability being exploited in the wild, using a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an e-mail attachment.

This issue has been resolved in the update, thus, users are recommended to update to the latest version of applicable product.

 

Solution

Install the latest update for applicable product version, available from the following sources:

  • Flash Player Download Center (Flash Player 10.2.152.33 and earlier)
  • Flash Player Licensing (Flash Player 10.2.152.33 and earlier - network distribution)
  • Android Marketplace (Flash Player 10.1.106.16 and earlier for Android)
  • Google Chrome Releases (Google Chrome)
  • AIR Download Center (AIR 2.5.1)
 

 

Original Reference

APSB11-05: Security update available for Adobe Flash Player (http://www.adobe.com/support/security/bulletins/apsb11-05.html)

CVE Reference

CVE-2011-0609