[SingCERT] Adobe Flash Player 'SWF' File Remote Memory Corruption Vulnerability

Last Updated on Tuesday, 12 April 2011 16:05

[ Summary ]

Adobe Flash Player is prone to a remote memory-corruption vulnerability.

Adobe Flash Player is a multimedia application for multiple platforms.

An attacker crafts a malicious Flash file ('.swf' file) containing arbitrary code to leverage the issue and to carry out some actions on

their behalf. The attacker embeds the file in a Microsoft Word ('.doc') file. The attacker uses email or other means to distribute the Word file

and to entice an unsuspecting user to open it. When the victim opens the file, the attacker's code runs.

Exploits for this issue have been reported in the wild.

[ Affected Systems ]

1. This vulnerability affects:
   1) Adobe Flash Player 10.2.153.1 and earlier versions for Windows operating systems
   2) The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows operating systems

NOTE: Adobe Reader and Acrobat 8.x are not affected by this issue.


[ Impact Analysis ]

An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application, to take control of

the affected system. Failed exploit attempts will likely result in denial-of-service conditions.

[ Solution/Workaround ]

Patches are currently unavailable. Agencies are advised to implement the following workarounds and mitigations where applicable.

• Ensure that AntiVirus and IDS definitions are up to date.
• Run all software as a nonprivileged user with minimal access rights.
• Deploy network intrusion detection systems to monitor network traffic for malicious activity.
• Do not open files from untrusted sources.
• Avoid visiting links of questionable integrity.

[ Reference]

• http://blogs.adobe.com/psirt/2011/04/security-advisory-for-adobe-flash-player-adobe-reader-and-acrobat-apsa11-02.html
• http://www.adobe.com/support/security/advisories/apsa11-02.html