JPCERT-AT-2012-0006
                                                             JPCERT/CC
                                                            2012-02-16

                  <<< JPCERT/CC Alert 16.02.12 >>>

             Vulnerabilities in Adobe Flash Player

            https://www.jpcert.or.jp/at/2012/at120006.html


I. Overview

  Adobe Flash Player contains multiple vulnerabilities. As a result, a 
remote attacker could execute arbitrary code or perform cross-site 
scripting attacks by convincing a user to open specially crafted 
contents.

  Adobe Systems has already observed targeted attacks exploiting the 
cross-site scripting vulnerability (CVE-2012-0767), and has indicated 
that e-mail containing links leading to attack vector sites are being 
sent.
When a user clicks on a link contained in such e-mails, the attacker 
can impersonate the user and perform actions such as changing the 
user's settings on the website or accessing the user's webmail.

  Users are recommended to update to the corrected software provided 
by Adobe Systems.

    Adobe Security Bulletins APSB12-03
    Security update available for Adobe Flash Player
    http://www.adobe.com/support/security/bulletins/apsb12-03.html


II. Products Affected

  Affected products and versions are as follows:

  - Adobe Flash Player 11.1.102.55 and earlier

For more information, refer to Adobe website.


III. Solution

- Adobe Flash Player

  Update Adobe Flash Player to the following latest version. For more 
information, refer to Adobe website.

  - Adobe Flash Player 11.1.102.62

  Note that Adobe Flash Player 11 does not support Firefox 3.6. In 
that case, update to the following version.

  - Adobe Flash Player 10.3.183.15

    Adobe Flash Player Download Center
    http://get.adobe.com/jp/flashplayer/
    http://get.adobe.com/flashplayer/

  The Adobe Flash Player version number installed on your PC can be 
verified through the following page:

    Adobe Flash Player:Version Information
    http://www.adobe.com/jp/software/flash/about/
    http://www.adobe.com/products/flash/about/

* Even if using browsers other than Internet Explorer, Flash Player 
may be installed on Internet Explorer. Therefore, the Flash Player for 
Internet Explorer should also be updated.


IV. References

    Adobe Security Bulletins APSB12-03
    Security update available for Adobe Flash Player
    http://www.adobe.com/support/security/bulletins/apsb12-03.html


  If you have any further questions or information regarding this 
alert, please contact JPCERT/CC.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600  FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/