Adobe Announces Several Flash Player Vulnerabilities
(Adobe Security Bulletin APSB11-12)
Summary
Adobe has announced several vulnerabilities in their Flash Player product, all of which could allow a remote attacker to take control of a targeted system.
Details
Adobe Flash Player is a multimedia and application player that renders Shockwave Flash (SWF) files.
A remote attacker can exploit each vulnerability by convincing a user to open a specially crafted Flash file containing malicious code. The table below lists each vulnerability along with the corresponding industry reference pages and Check Point protection.
| Flash Player Vulnerability | Industry Reference | Check Point Protection |
|---|---|---|
| ActionScript ActionJump Remote Code Execution | CVE-2011-0624 | CPAI-2011-253 |
| ActionScript ActionIf Remote Code Execution | | CPAI-2011-254 |
| ActionScript Action Colors Array Heap Overflow | CVE-2011-0620 | CPAI-2011-255 |
| ActionScript DoABC Tag Integer Overflow | CVE-2011-0618 | CPAI-2011-256 |
| ActionScript StageObject Memory Corruption | CVE-2011-0622 | CPAI-2011-257 |
| ActionScript ArrayObject Memory Corruption | CVE-2011-0627 | CPAI-2011-258 |
| DefineFontAlignZones Tag Remote Code Execution | CVE-2011-0626 | CPAI-2011-259 |
| Newobject Instruction Memory Corruption | CVE-2011-0621 | CPAI-2011-260 |
Affected Products
The following products are affected by these vulnerabilities:
- Adobe Flash Player 10.2.159.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 10.2.154.28 and earlier versions for Chrome users
- Adobe Flash Player 10.2.157.51 and earlier versions for Android
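
The following added example (not part of the Adobe bulletin or of any Check Point tooling) checks an asset inventory against the affected-version list above. The channel labels, host names and sample versions are assumptions made for this example, as is the comma-separated version form accepted alongside the dotted one.

```python
# Last affected build per channel, copied from the "Affected Products" list.
# Channel keys are labels chosen for this example.
LAST_AFFECTED = {
    "desktop": (10, 2, 159, 1),   # Windows, Macintosh, Linux, Solaris
    "chrome": (10, 2, 154, 28),
    "android": (10, 2, 157, 51),
}

def parse_version(text):
    """Parse '10.2.159.1' (or comma-separated '10,2,159,1') into a 4-tuple."""
    parts = text.strip().replace(",", ".").split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unparseable Flash Player version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))

def is_affected(channel, version_text):
    """True if the version is at or below the last affected build."""
    # Tuples compare numerically field by field; comparing the raw strings
    # would rank "10.2.99.0" above "10.2.154.28".
    return parse_version(version_text) <= LAST_AFFECTED[channel]

def triage(inventory):
    """Sort (host, channel, version) records into affected / ok / unknown."""
    result = {"affected": [], "ok": [], "unknown": []}
    for host, channel, version in inventory:
        try:
            bucket = "affected" if is_affected(channel, version) else "ok"
        except (KeyError, ValueError):
            bucket = "unknown"   # unknown channel or bad version: review by hand
        result[bucket].append(host)
    return result

# Constructed inventory records (host names and versions are made up).
SAMPLE = [
    ("ws-01", "desktop", "10.2.159.1"),
    ("ws-02", "desktop", "10,2,99,0"),
    ("ws-03", "chrome", "10.2.154.29"),
    ("ph-01", "android", "10.2.157.51"),
    ("ws-04", "desktop", "11.0.0.0"),
    ("ws-05", "desktop", "unknown"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts)}")
```

Hosts that land in the `unknown` bucket should be treated as unverified rather than unaffected.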
Solution
The Check Point IPS Software Blade provides network protection against these vulnerabilities in the latest IPS update by detecting and blocking attempts to leverage them. Consult the Check Point Protection links above for more information.
Originally Published:
Last Updated: 17-May-2011