-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2012-0100 Title: Security update available for Adobe Flash Player [1] Version history: 14.08.2012 Initial publication Summary ======= Adobe has released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux. These updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow an attacker to take control of the affected system. CVE Numbers: CVE-2012-1535 CVSS v2 Base Score:9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C) [2,3] There are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows. Adobe recommends users update their product installations to the latest versions. Vulnerable systems ================== Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux operating systems What can you do? ================ Fixes are available [1]. What to tell your users? ======================== Normal security best practices apply. Especially, inform your Web users to be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Users are to be aware not to click on the link in suspicious emails to immediately forward the suspicious email to the respective IT security officer / contact in your institution. More information ================ [1] http://www.adobe.com/support/security/bulletins/apsb12-17.html [2] Information about CVSS: http://www.first.org/cvss/cvss-guide.html [3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1535 Best regards, CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJQLR/zAAoJEPpzpNLI8SVoRhIP/j8x/DvhKh3dVpc2TyE13isZ 3PtdOc/UJ9t+lBHHzcuqE8d/Jb3skVHZS1Ljia58VKoGnCSJ105BQEVOsLuCiY3+ vjld2xozUlGjlnR4e+5qgx9mNnENffcx+5ujjBsJjpUfHgoTYPtyH1uZz7cNupzb nrDpg8UPMLmcrmQpIs23jHIu8LuzlsZC2kJ7wr1F+g49QGInFFIDfjnyZw3hpAPy Tshe69o74A1Dw8ScwCiVuDrVkZ7QYbRQMBsM012syKVSqg+qNCeANitqLdm8L78e MFHh/VoQnU6NFlGufUuYYyp2z2gLMYIq3Ue3R+DIncX8p+RMfzNOTY5sd1nvaf1m A8hTS3Cyjrqe4n2sKAMTdP88ZQE3q7R7yudO7inFj6FUAR16vJy0B77nQx4aoijO SJlJqBh8xveDgV/MbHkQr8NoADcfUqLKk1W/IUVogJtRuICmyewkGcN0ir5wXRbO 5go5Feq1S9VMkRHfE+ZXNNnJVjTnKMmhZiD0s6ZVzg2urKzSgjHW4G+4zDmUNTNF rdmNntl9w70ZTkBWUHNdyYOnJ6HCKshNn1Q426fK+EYGWFMtjIxczD+aKP0K5pgj qd8NU7LrT66w+1eWf6rOTFLypAT5pphYGbx2lr5KGtkOWuVd9/7ZWn9SlZ+7adQV i8W/y1z0tjhOJkX9nQga =yge4 -----END PGP SIGNATURE-----