Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: Abobe November 2011 Black Tuesday Overview - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Abobe November 2011 Black Tuesday Overview

Adobe has released 1 bulletin today.

This updates Adobe products to the following versions:

  • Shockwave Player
    • 11.6.3.633
# Affected Known Exploits Adobe rating
APSB11-27 Multiple memory corruption vulnerabilities in the shockwave player allow random code execution.
Shockwave player

CVE-2011-2446
CVE-2011-2447
CVE-2011-2448
CVE-2011-2449
TBD Critical

 

--
Swa Frantzen -- Section 66

Swa

760 Posts
For those of us who register with Adobe for internal distribution of their patches, we get a web page that includes no version information, and has three download links, one for slim .exe, one for full install .exe and one for full install .msi format.

Both .exe links are up to date and will result in the now-current build.

The .msi link however has not been updated. The result is the same August-16-2011 build that is vulnerable and should now be replaced.

Adobe has pushed the deployment out to their CDN, Akamai.

It's only the link to them that needs updating. If you are registered for the distribution and click on the .msi link you get this (redacted is not the real FQDN)

http://redacted.example.com/get/shockwave/default/english/win95nt/10.1.4.020/sw_lic_full_installer.msi

and if you download an .exe file you will see that the numerical folder name in the middle is different. Until Adobe fixes their link, this will work fine for you:

http://redacted.example.com/get/shockwave/default/english/win95nt/10.2.0.022/sw_lic_full_installer.msi

If you inspect the result with Sigcheck.exe from SysInternals or inspect via right-click, properties, you will see the signature date is in November instead of August.

Sorry for the redaction in the URL, the distribution agreement prohibits publicly posting the actual URL.

NB: if you download the not-yet-updated .msi file and attempt to install it as the update you think it is, your Windows Application Event Log will show a successful installation. However, your version is not updated, and if you track the exit code, it is "1" instead of "0". You've done a re-install or repair, not an upgrade.
Andrew

41 Posts
Is it me or did Flash and Air updates also appear on the 7th? Don't recall seeing mention of them here?
Anonymous
Can someone refresh my memory - does Adobe release their updates/patches on the same Tuesday as the MS patches? I just did a quick check on adobe.com and did not see any mention of it. Thanks.
tb73

1 Posts
Thanks, Andrew, for sharing your efforts regarding the wayward .msi link.

The version checker at www.adobe.com/shockwave/welcome looks like it's back up and running now, which is good news.

A suggestion to Adobe: Please include a simple listing of the most current version number on the same page that shows the installed version number (like the chart featured on the Flash test page.)

And while I'm writing my wish list to Santa (gotta start early!) how about standardizing the two test page URLs to make it easier to remember?

For example, change "/software/flash/about" and "/flash/welcome" to develop consistency between the products.

Better yet, redirect "/flash/welcome" to the proper test page, so as to maintain compatibility with the current setup and help the caffeine-deprived that can't remember two differently-formatted links (who, ME...?)

:)
Nathan

8 Posts

Sign Up for Free or Log In to start participating in the conversation!