                                                   JPCERT-AT-2012-0014
                                                             JPCERT/CC
                                                            2012-05-07
                                   
                  <<< JPCERT/CC Alert 07.05.12 >>>

          Vulnerabilities in Adobe Flash Player (APSB12-09)

        https://www.jpcert.or.jp/english/at/2012/at120014.html


I. Overview

  Adobe Flash Player contains multiple vulnerabilities. As a result,
a remote attacker could terminate Adobe Flash Player or execute
arbitrary code by convincing a user to open specially crafted
contents. Adobe Systems has already observed targeted email attacks
exploiting some of these vulnerabilities. Users are recommended to
update to the corrected software provided by Adobe Systems.
    
    Adobe Security Bulletins APSB12-09 (English)
    Security update available for Adobe Flash Player
    http://www.adobe.com/support/security/bulletins/apsb12-09.html


II. Products Affected

  Affected products and versions are as follows:

  - Adobe Flash Player 11.2.202.233 and earlier

For more information, refer to the Adobe Systems website.


III. Solution

  Update Adobe Flash Player to the following latest version. For more
information, refer to Adobe Systems website.

  - Adobe Flash Player 11.2.202.235

    Adobe Flash Player Download Center
    http://get.adobe.com/jp/flashplayer/

  The Adobe Flash Player version number installed on your PC can be
verified through the following page:

    Adobe Flash Player: Version Information
    http://www.adobe.com/jp/software/flash/about/

* Even if using browsers other than Internet Explorer, Flash Player
  may be installed on Internet Explorer. Therefore, the Flash Player
  for Internet Explorer should also be updated.


IV. References

    Adobe Security Bulletins APSB12-09
    Security update available for Adobe Flash Player
    http://www.adobe.com/support/security/bulletins/apsb12-09.html

    Symantec
    Targeted Attacks Using Confusion (CVE-2012-0779)
    http://www.symantec.com/connect/blogs/targeted-attacks-using-confusion-cve-2012-0779

  If you have any information regarding this alert, please contact
JPCERT/CC.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600  FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/