-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Subject: Review: Remote code-execution vulnerability in Adobe Flash Player (CERT-EU Security Advisory 2012-0061)

Reference: CERT-EU Security Advisory 2012-0061
Title: Remote code-execution vulnerability in Adobe Flash Player [1]

Version history:
07.05.2012 Initial publication

Summary
=======

Adobe released security updates for Adobe Flash Player. These updates address an object confusion vulnerability (CVE-2012-0779) [2] that could cause the application to crash and potentially allow an attacker to take control of the affected system. It was reported that this vulnerability is exploited in the wild [3]. The current exploit targets Flash Player on Internet Explorer for Windows only.

CVSS v2 Base Score: 10.0 (CRITICAL) (AV:N/AC:L/Au:C/C:C/I:C/A:C) [4]

Vulnerable systems
==================

* Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux operating systems
* Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x

To verify the version of Adobe Flash Player installed on your system, open the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, repeat the check in each browser installed on your system.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

To verify the version of Adobe AIR installed on your system, follow the instructions in the Adobe AIR TechNote.

What can you do?
================

A fix is available [1].

What to tell your users?
========================

Normal security best practices apply. In particular, inform your Web users to be cautious about following links to sites provided by unfamiliar or suspicious sources.
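The version check described under "Vulnerable systems" can be applied to an inventory instead of one browser at a time. The following is an added example, not part of the CERT-EU advisory; it encodes only the "and earlier" cutoffs stated above, and assumes the version strings have already been collected from the About Flash Player page or the device's application settings (the host names and versions in the sample are constructed).

```python
"""Check collected Flash Player versions against the cutoffs in CERT-EU 2012-0061."""
from __future__ import annotations
import re

# Highest affected build per platform, as listed in the advisory;
# that build "and earlier" is vulnerable, anything above it is not in scope here.
MAX_AFFECTED = {
    "windows": (11, 2, 202, 233),
    "macintosh": (11, 2, 202, 233),
    "linux": (11, 2, 202, 233),
    "android4": (11, 1, 115, 7),
    "android3": (11, 1, 111, 8),
    "android2": (11, 1, 111, 8),
}

_VERSION_RE = re.compile(r"^\d+(\.\d+){0,3}$")


def parse_version(text: str) -> tuple[int, ...]:
    """Parse a dotted Flash Player version such as '11.2.202.233' into integers.

    Components must be compared numerically: '11.10.0.0' is newer than
    '11.2.0.0', which a plain string comparison gets wrong. Missing
    trailing components are treated as 0.
    """
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a Flash Player version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (4 - len(parts))
    return tuple(parts)


def is_vulnerable(version: str, platform: str) -> bool:
    """True if `version` on `platform` is at or below the advisory's cutoff."""
    key = platform.lower()
    if key not in MAX_AFFECTED:
        raise ValueError(f"platform not covered by the advisory: {platform!r}")
    return parse_version(version) <= MAX_AFFECTED[key]


def triage(inventory: list[tuple[str, str, str]]) -> list[str]:
    """Return the hosts from (host, platform, version) records that still need the update."""
    return [host for host, platform, version in inventory if is_vulnerable(version, platform)]


if __name__ == "__main__":
    sample = [  # constructed inventory, not real hosts
        ("ws-01", "windows", "11.2.202.233"),  # exactly the last affected build
        ("ws-02", "windows", "11.2.202.235"),  # a later build than the cutoff
        ("ws-03", "linux", "10.3.183.18"),     # older branch, so "earlier"
        ("tab-01", "android4", "11.1.115.8"),  # above the Android 4.x cutoff
        ("tab-02", "android3", "11.1.111.8"),  # exactly the Android 3.x cutoff
    ]
    for host in triage(sample):
        print(f"{host}: update required")
```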
Users should be aware not to click on links in suspicious emails, and should immediately forward any suspicious email to the IT security officer / contact in your institution.

More information
================

[1] http://www.adobe.com/support/security/bulletins/apsb12-09.html
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0779
[3] Description of the current exploit by Symantec: http://www.symantec.com/connect/blogs/targeted-attacks-using-confusion-cve-2012-0779
[4] Information about CVSS: http://www.first.org/cvss/cvss-guide.html

Best regards,
CERT-EU

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out on a best-effort basis, and to the contact information currently known to us. We apologise if you are not the correct recipient, or if you have already been warned about this issue from another source. Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.

Data Protection: CERT-EU complies with EU Regulation 45/2001 with regard to personal data protection.
Our privacy statement is published here: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html

-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.39

-----END PGP SIGNATURE-----