JPCERT-AT-2010-0015
                                                             JPCERT/CC
                                                            2010-06-11

                   <<< JPCERT/CC Alert 2010-06-11 >>>

     Vulnerabilities in Adobe Flash Player, Adobe Acrobat/Reader

             https://www.jpcert.or.jp/at/2010/at100015.txt


I. Overview
  Multiple vulnerabilities have been found in Adobe Flash Player and 
Adobe Acrobat/Reader. The vulnerabilities exist in a common component 
of these products. As a result, an attacker could execute arbitrary 
code by convincing a user to open a specially crafted PDF file or view 
a specially crafted web page.

    Adobe - Security Bulletins:
    APSB10-14 Security update available for Adobe Flash Player
    http://www.adobe.com/support/security/bulletins/apsb10-14.html

  Users are strongly recommended to update Flash Player to the 
corrected software provided by Adobe.
  As for Adobe Acrobat/Reader, product updates will be released on 
June 30, 2010. Until then, please consider applying the workaround 
recommended by Adobe.


II. Products Affected

  Affected products are as follows:
  - Adobe Flash Player 10.0.45.2 and earlier
  - Adobe Reader and Acrobat 9.3.2 and earlier
  - Adobe AIR 1.5.3.9130 and earlier


III. Solution

  1) Adobe Flash Player
     Update Adobe Flash Player to the latest version (10.1.53.64). For 
     more information, refer to the following website:

     Adobe Flash Player Download Center
     http://get.adobe.com/jp/flashplayer/
     http://get.adobe.com/flashplayer/ 

     The Adobe Flash Player version number installed on your PC can be 
     verified through the following page:

     Adobe Flash Player: Version Information
     http://www.adobe.com/jp/software/flash/about/
     http://www.adobe.com/products/flash/about/  

  2) Adobe Acrobat and Reader
     On June 30, 2010 (Japan time), the latest versions of Adobe 
     Acrobat and Reader will be released. Apply the updates as soon as 
     they are released.

     Adobe Reader and Acrobat will be updated by starting the products, 
     selecting the menu Help (H), and then clicking Check for Updates 
     (U).


IV. References

    Adobe - Security Advisories:
    Security Advisory for Flash Player, Adobe Reader and Acrobat
    http://www.adobe.com/support/security/advisories/apsa10-01.html

    JVNTA10-159A
    Vulnerabilities in Adobe Reader, Acrobat, and Flash Player
    http://jvn.jp/cert/JVNTA10-159A/index.html

    Adobe.com - New downloads
    http://www.adobe.com/support/downloads/new.jsp


  If you have any further questions or information regarding this 
alert, please contact JPCERT/CC.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600  FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/