Severity: High
Summary:
- These vulnerabilities affect: Shockwave Player, Flash Player, Reader X, and Acrobat X
- How an attacker exploits them: Multiple vectors of attack, including enticing your users to open malicious files or visit specially crafted web sites
- Impact: Various results; in the worst case, an attacker can gain complete control of your computer
- What to do: Install the appropriate Adobe patches immediately, or let Adobe’s updater do it for you.
Exposure:
Today, Adobe released three security bulletins describing vulnerabilities in many of their popular software packages, including Shockwave Player, Flash Player, and Reader and Acrobat X.
A remote attacker could exploit the worst of these flaws to gain complete control of your computer. We summarize these three Adobe security bulletins below:
- APSB12-16: Multiple Reader and Acrobat Vulnerabilities
Adobe Reader helps you view PDF documents, while Acrobat helps you create them. Since PDF documents are very popular, most users install Reader to handle them.
Adobe’s bulletin describes 20 vulnerabilities that affect Adobe Reader and Acrobat X 10.1.3 and earlier, running on Windows and Macintosh. Adobe doesn’t describe the flaws in much technical detail, but does note that most of them involve buffer overflow and memory corruption issues. Almost all of them share the same scope and impact. If an attacker can entice you into opening a specially crafted PDF file, he can exploit any of these issues to execute code on your computer, with your privileges. If you have root or system administrator privileges, the attacker gains complete control of your machine.
Adobe Priority Rating: 1 (Patch within 72 hours)
- APSB12-17: Five Shockwave Memory Corruption Vulnerabilities
Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.
Adobe’s bulletin warns of five unspecified memory corruption vulnerabilities that affect Shockwave Player 11.6.5.635 and earlier for Windows and Macintosh. All five flaws share the same impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit these flaws to gain full control of their PC.
Adobe Priority Rating: 2 (Patch within 30 days)
- APSB12-18: Flash Player Code Execution Vulnerability
Adobe Flash Player displays interactive, animated web content called Flash. Although Flash is optional, 99% of PC users download and install it to view multimedia web content. It runs on many operating systems, including mobile operating systems like Android.
Adobe’s bulletin describes a serious flaw that affects Flash Player 11.3.300.270 and earlier for all platforms. They don’t describe the vulnerability (CVE-2012-1535) in detail, but they do describe its impact. If an attacker can lure you to a web site, or get you to open a document containing specially crafted Flash content, he could exploit this flaw to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.
Adobe also warns that attackers are currently exploiting this flaw in the wild via malicious Word documents, which target Windows users. We highly recommend you patch Flash Player immediately.
Adobe Priority Rating: 1 (Patch within 72 hours)
Solution Path:
Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you.
- APSB12-16:
  - Adobe Reader X 10.1.4
  - Adobe Acrobat X 10.1.4
- APSB12-17: Upgrade to Shockwave 11.6.6.636
- APSB12-18: Download the latest Flash Player
For All WatchGuard Users:
Attackers can exploit these flaws using diverse exploitation methods. Installing Adobe’s updates is your most secure course of action.
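One way to find machines still running the affected versions listed above and order them by Adobe's patch windows, as an added example that is not part of the original alert. The version thresholds and priority ratings come from this alert; the product keys, hostnames, sample inventory and release date are constructed placeholders.

```python
from datetime import date, timedelta

# Last affected version and Adobe priority rating, as stated in this alert.
ADVISORIES = {
    "reader":    ("APSB12-16", "10.1.3", 1),
    "acrobat":   ("APSB12-16", "10.1.3", 1),
    "shockwave": ("APSB12-17", "11.6.5.635", 2),
    "flash":     ("APSB12-18", "11.3.300.270", 1),
}
# Patch windows the alert attaches to each priority rating.
PATCH_WINDOW_DAYS = {1: 3, 2: 30}  # 72 hours, 30 days

def parse_version(text):
    """Turn '11.3.300.270' into (11, 3, 300, 270) for numeric comparison."""
    return tuple(int(part) for part in text.strip().split("."))

def is_affected(product, version):
    """True when version is at or below the last affected release."""
    _, last_affected, _ = ADVISORIES[product]
    a, b = parse_version(version), parse_version(last_affected)
    width = max(len(a), len(b))
    # Pad so that '10.1' compares equal to '10.1.0'.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    # Tuple comparison is numeric; a plain string comparison would wrongly
    # rank '11.6.10.0' below '11.6.5.635'.
    return a <= b

def triage(inventory, released):
    """Return (deadline, host, product, version, bulletin), most urgent first."""
    rows = []
    for host, product, version in inventory:
        if product in ADVISORIES and is_affected(product, version):
            bulletin, _, priority = ADVISORIES[product]
            deadline = released + timedelta(days=PATCH_WINDOW_DAYS[priority])
            rows.append((deadline, host, product, version, bulletin))
    return sorted(rows)

# Constructed sample inventory; hostnames and non-threshold versions are made up.
SAMPLE = [
    ("ws-01", "flash", "11.3.300.270"),
    ("ws-02", "flash", "11.4.0.1"),
    ("ws-03", "shockwave", "11.6.5.635"),
    ("ws-04", "reader", "10.1.4"),
    ("ws-05", "reader", "10.1.3"),
]

if __name__ == "__main__":
    # Placeholder release date; substitute the date the bulletins were published.
    for row in triage(SAMPLE, released=date(2000, 1, 1)):
        print(*row)
```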
Status:
Adobe has released patches correcting these issues.
References:
This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).
Frankie says
Running an admin point install, fails on the AdobeArmHelper.exe could not be found in data1.cab. “It could indicate a network error, a problem with this CD-ROM or a problem with this package”. Lol. Circus. Bring on 10.1.5, maybe it’ll bring world peace.