Vulnerabilities in Adobe Flash Player

                                                   JPCERT-AT-2011-0030
                                                             JPCERT/CC
                                            2011-11-11 (First edition)
                                                  2011-11-11 (Updated)

                  <<< JPCERT/CC Alert 11.11.11 >>>

                Vulnerabilities in Adobe Flash Player

            https://www.jpcert.or.jp/at/2011/at110030.txt


I. Overview

  Adobe Flash Player contains multiple vulnerabilities. As a result, 
a remote attacker could terminate Adobe Flash Player or execute 
arbitrary code by convincing a user to open specially crafted content.

  Users are advised to update to the corrected software provided 
by Adobe Systems.

    Adobe Security Bulletins APSB11-28
    Security update available for Adobe Flash Player
    http://www.adobe.com/support/security/bulletins/apsb11-28.html


II. Products Affected

  Affected products and versions are as follows:

  - Adobe Flash Player 11.0.1.152 and earlier
  - Adobe AIR 3.0 and earlier

  For more information, refer to the Adobe website.


III. Solution

- Adobe Flash Player

  Update Adobe Flash Player to the following latest version. For more 
information, refer to the Adobe website.

  - Adobe Flash Player 11.1.102.55

  Note that since Adobe Flash Player 11 does not support Firefox 3.6, 
users of Firefox 3.6 should update to the following version.

  - Adobe Flash Player 10.3.183.11

    Adobe Flash Player Download Center
    http://get.adobe.com/jp/flashplayer/
    http://get.adobe.com/flashplayer/

  The version of Adobe Flash Player installed on your PC can be 
checked on the following page:

    Adobe Flash Player: Version Information
    http://www.adobe.com/jp/software/flash/about/
    http://www.adobe.com/products/flash/about/

* Even if you use a browser other than Internet Explorer, Flash 
  Player for Internet Explorer may also be installed. Therefore, the 
  Flash Player for Internet Explorer should also be updated.

- Adobe AIR

  Update Adobe AIR to the following latest version. For more 
information, refer to the Adobe website.

  - Adobe AIR 3.1.0.4880

    Adobe AIR Download Center
    http://get.adobe.com/jp/air/
    http://get.adobe.com/air/
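
  An added example, not part of the original alert: the version 
thresholds from this section applied to a software inventory in 
Python. The host names, component labels and inventory rows are 
constructed, and it assumes a 10.x or older installation is compared 
against 10.3.183.11 and anything from 11 upward against 11.1.102.55.

```python
# Added example: inventory check against the fixed versions in this alert.
# Host names, component labels and inventory rows are constructed.

FLASH_FIXED_11 = (11, 1, 102, 55)  # fixed Flash Player 11 build
FLASH_FIXED_10 = (10, 3, 183, 11)  # fixed build where Flash Player 11 is unsupported
AIR_FIXED = (3, 1, 0, 4880)        # fixed Adobe AIR build


def parse_version(text):
    """Turn '11.0.1.152' into (11, 0, 1, 152); short forms are zero-padded."""
    # Assumption: some inventory tools report commas instead of dots.
    parts = text.strip().replace(",", ".").split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def status(product, version_text):
    """'affected' or 'updated', relative to this alert only."""
    v = parse_version(version_text)  # numeric compare: as strings '9...' > '11...'
    if product == "flash":
        fixed = FLASH_FIXED_11 if v[0] >= 11 else FLASH_FIXED_10
    elif product == "air":
        fixed = AIR_FIXED
    else:
        raise ValueError(f"unknown product: {product!r}")
    return "updated" if v >= fixed else "affected"


# One row per installed copy: a PC can carry a browser plug-in and a
# separate Flash Player for Internet Explorer at different versions.
INVENTORY = [
    ("pc-01", "flash", "plugin", "11.1.102.55"),
    ("pc-01", "flash", "ie", "11.0.1.152"),
    ("pc-02", "flash", "plugin", "10.3.183.11"),
    ("pc-03", "flash", "plugin", "9.0.280.0"),
    ("pc-04", "air", "runtime", "3.0"),
    ("pc-05", "air", "runtime", "3.1.0.4880"),
]


def affected(inventory):
    """Rows that still need the update."""
    return [row for row in inventory if status(row[1], row[3]) == "affected"]


if __name__ == "__main__":
    for host, product, component, version in affected(INVENTORY):
        print(f"{host}: {product} ({component}) {version} needs updating")
```

  "updated" here means at or above the versions named in this alert 
only; it says nothing about later bulletins.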


IV. References

    Adobe Security Bulletins APSB11-28
    Security update available for Adobe Flash Player
    http://www.adobe.com/support/security/bulletins/apsb11-28.html


  If you have any further questions or information regarding this 
alert, please contact JPCERT/CC.

________
Revision history
2011-11-11 First edition
2011-11-11 Solution corrected based on information provided by Adobe 
           Systems

* The initially published version stated that the latest version of 
  Adobe Flash Player could not be downloaded under Firefox 3.6. 
  However, since Adobe Flash Player 10.3.183.11 is provided for 
  browsers not supported by Adobe Flash Player 11, corrections were 
  made.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600  FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/