SANS ISC: Adobe August 2011 Black Tuesday Overview - SANS Internet Storm Center SANS ISC InfoSec Forums


Adobe August 2011 Black Tuesday Overview

Although none of us seems to have seen any warning, Adobe has released 5 bulletins today.

Overview of the August 9th 2011 Adobe Patches.

| # | Description | Affected | CVEs | Known Exploits | Adobe rating |
|---|---|---|---|---|---|
| APSB11-19 | Multiple memory corruption vulnerabilities in the Shockwave Player allow arbitrary code execution. | Shockwave Player | CVE-2010-4308, CVE-2010-4309, CVE-2011-2419, CVE-2011-2420, CVE-2011-2421, CVE-2011-2422, CVE-2011-2423 | TBD | Critical |
| APSB11-20 | A memory corruption vulnerability in the Flash Media Server (FMS) allows a denial of service. | Flash Media Server (FMS) | CVE-2011-2132 | TBD | Critical |
| APSB11-21 | Multiple vulnerabilities in Flash Player allow arbitrary code execution. | Flash Player | CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2425 | Adobe claims not to be aware of any exploits in the wild against the vulnerabilities patched in Flash Player | Critical |
| APSB11-22 | A memory corruption vulnerability in Photoshop CS5, CS5.1 and earlier allows arbitrary code execution. | Photoshop | CVE-2011-2131 | TBD | Critical |
| APSB11-23 | A cross-site scripting (XSS) vulnerability in RoboHelp installations. | RoboHelp | CVE-2011-2133 | TBD | Important |

Please note that Adobe is, at the time of writing, inconsistent in the CVE names they fixed (CVE-2010-XXXX vs CVE-2011-XXXX). I've tried to guess the right ones, but we won't know for sure till the CVE databases are up to date.

This is an effort to structure the non-Microsoft patches more or less in a familiar format on Black Tuesday; depending on the amount of information available, we can have more or fewer columns. Do let us know what you think of it!

--
Swa Frantzen -- Section 66

Swa

760 Posts
You can thank Tavis Ormandy for this one. WAY more flaws fixed than are listed here, according to him.

https://twitter.com/#!/taviso/status/101046246277521409
bonsaiviking

5 Posts
I sure am glad to see it! Having the info aggregated into one place like this would be very helpful! :)
Nathan

8 Posts
This format is and will be very useful! Thanks for posting it.
Scott B.

2 Posts
