Critical Zero-Day Remote Code Execution Vulnerability in Adobe Flash Player, Acrobat, and Reader
(APSB11-05, APSB11-06, APSA11-01, CVE-2011-0609)
Summary
A critical remote code execution vulnerability has been reported in Adobe Flash Player as well as in the Authplay.dll component that is included in Acrobat and Reader. A remote attacker may exploit this vulnerability to execute arbitrary code on an affected system.
Details
Adobe Flash Player is a multimedia and application player that renders Shockwave Flash (SWF) files. Adobe Reader and Acrobat are applications developed by Adobe Systems for viewing, creating, manipulating, and managing documents using Adobe's Portable Document Format (PDF) core technology.
The vulnerability is due to an error in the Adobe Flash Player and in Authplay.dll when parsing SWF files embedded in Excel files. A remote attacker may exploit this issue by convincing a victim to open a specially crafted Excel file that contains a malicious SWF file embedded within it. Successful exploitation of this vulnerability will crash the application, and may allow execution of arbitrary code on the vulnerable system.
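The delivery vector described above is an SWF file embedded in an Excel file, so a file or mail gateway can flag legacy (OLE2) Excel files whose bytes contain a plausible SWF header. The following triage sketch is an added example, not code from Adobe or Check Point; the sanity bounds and the sample inputs are constructed assumptions, and a hit means Flash content is present, not that it is malicious.

```python
import struct

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # compound-file header used by legacy .xls
SWF_SIGNATURES = (b"FWS", b"CWS")               # uncompressed / zlib-compressed SWF
MAX_SWF_VERSION = 50          # assumed sanity bound on the version byte
MAX_DECLARED_LEN = 100 << 20  # assumed sanity bound (100 MiB) on the declared length


def find_swf_headers(data):
    """Return (offset, signature, version, declared_length) for each plausible SWF header."""
    hits = []
    for sig in SWF_SIGNATURES:
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                (length,) = struct.unpack("<I", header[4:8])
                plausible = 1 <= version <= MAX_SWF_VERSION and 8 < length <= MAX_DECLARED_LEN
                # An uncompressed movie cannot be longer than the file that carries it.
                if sig == b"FWS" and length > len(data):
                    plausible = False
                if plausible:
                    hits.append((pos, sig.decode(), version, length))
            pos = data.find(sig, pos + 1)
    return sorted(hits)


def triage(data):
    """Classify a file's bytes as 'not-ole2', 'no-swf' or 'embedded-swf', with the hits."""
    if not data.startswith(OLE2_MAGIC):
        return "not-ole2", []
    hits = find_swf_headers(data)
    return ("embedded-swf" if hits else "no-swf"), hits


# Constructed sample inputs (not real documents): OLE2 magic, padding, then a header.
SAMPLE_WITH_SWF = (OLE2_MAGIC + b"\x00" * 504 + b"FWS" + bytes([10])
                   + struct.pack("<I", 64) + b"\x00" * 56)
SAMPLE_DECOY = OLE2_MAGIC + b"\x00" * 504 + b"CWS" + b"\x00" * 61  # version byte 0: rejected
SAMPLE_NOT_OLE = b"PK\x03\x04" + b"\x00" * 60                      # ZIP container, out of scope

if __name__ == "__main__":
    for name, blob in [("with_swf", SAMPLE_WITH_SWF), ("decoy", SAMPLE_DECOY),
                       ("zip", SAMPLE_NOT_OLE)]:
        print(name, triage(blob))
```

ZIP-based Office files compress their parts, so they would need to be unpacked before the same byte scan could see an embedded SWF header.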
Affected Products
This issue exists in the following products:
- Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 10.2.154.18 and earlier for Chrome users
- The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems
- Adobe AIR 2.5.1 and earlier for Windows, Macintosh and Linux
Solution
It is recommended that the patches for Flash, Acrobat, and Reader as described in APSB11-05 and APSB11-06 be applied as soon as is practical. In the meantime, Check Point IPS Software Blade provides immediate network protection for unpatched systems against this vulnerability in the latest IPS update by detecting and blocking attempts to exploit it. For more information see CPAI-2011-079.
Originally Published:
Last Updated: 23-Mar-2011