Yet another Adobe Flash/Reader/Acrobat 0 day

SANS ISC: Yet another Adobe Flash/Reader/Acrobat 0 day

SANS Site Network
- Current Site
- SANS Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- DFIR
- Software Security
- Government OnSite Training

InfoSec Handlers Diary Blog

Yet another Adobe Flash/Reader/Acrobat 0 day

Published: 2011-04-11
Last Updated: 2011-04-11 22:33:13 UTC
by Johannes Ullrich (Version: 1)

Adobe released that a so far unpatched vulnerability has been used in recent targeted attacks.

Flash Player 10.2.153.1 is vulnerable, as is the flash player component used to execute flash in Adobe Reader / Acrobat. Adobe Reader X is vulnerable bu but not exploitable.

At this time, according to Adobe, the attack is performed using Flash files embedded in Word documents.

Note that Flash may be embedded in other Office document formats like Excel. Adobe is not planning on an out of band patch at this point, as Adobe Reader X is not exploitable.

[1] http://www.adobe.com/support/security/advisories/apsa11-02.html

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: adobe flash

10 comment(s)

Top of page

Diary Archives