JPCERT-AT-2011-0030
JPCERT/CC
2011-11-11 (First edition)
2011-11-11 (Updated)
<<< JPCERT/CC Alert 11.11.11 >>>
Vulnerabilities in Adobe Flash Player
https://www.jpcert.or.jp/at/2011/at110030.txt
I. Overview
Adobe Flash Player contains multiple vulnerabilities. As a result,
a remote attacker could terminate Adobe Flash Player or execute
arbitrary code by convincing a user to open specially crafted contents.
Users are recommended to update to the corrected software provided
by Adobe Systems.
Adobe Security Bulletins APSB11-28
Security update available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb11-28.html
II. Products Affected
Affected products and versions are as follows:
- Adobe Flash Player 11.0.1.152 and earlier
- Adobe AIR 3.0 and earlier
For more information, refer to Adobe website.
III. Solution
- Adobe Flash Player
Update Adobe Flash Player to the following latest version. For more
information, refer to Adobe website.
- Adobe Flash Player 11.1.102.55
Note that since Adobe Flash Player 11 does not support Firefox 3.6,
users of Firefox 3.6 should update to the following version.
- Adobe Flash Player 10.3.183.11
Adobe Flash Player Download Center
http://get.adobe.com/jp/flashplayer/
http://get.adobe.com/flashplayer/
The Adobe Flash Player version number installed on your PC can be
verified through the following page:
Adobe Flash Player:Version Information
http://www.adobe.com/jp/software/flash/about/
http://www.adobe.com/products/flash/about/
* Even if using browsers other than Internet Explorer, Flash Player
may be installed on Internet Explorer. Therefore, the Flash Player
for Internet Explorer should also be updated.
- Adobe AIR
Update Adobe AIR to the following latest version. For more
information, refer to Adobe website.
- Adobe AIR 3.1.0.4880
Adobe AIR Download Center
http://get.adobe.com/jp/air/
http://get.adobe.com/air/
IV. References
Adobe Security Bulletins APSB11-28
Security update available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb11-28.html
If you have any further questions or information regarding this
alert, please contact JPCERT/CC.
________
Revision history
2011-11-11 First edition
2011-11-11 Solution corrected based on information provided by Adobe
Systems
* The inital published version mentioned that the latest version of
Adobe Flash Player could not be downloaded under Firefox 3.6.
However, since Adobe Flash Player 10.3.183.11 is provided for
browsers not supported by Adobe Flash Player 11, corrections were
made.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top