MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2011

MA-286.082011 : MyCERT Alert - Security Updates for Multiple Critical Vulnerabilities in Adobe Products

Date of publication: 2011-08-10

1.0 Introduction

Adobe released 5 security updates on August 9, 2011; 4 of them are rated Critical and 1 is rated Important. The details are as follows:

  • Security update for Adobe Shockwave Player (Critical Severity)
  • Security update for Adobe Flash Media Server (Critical Severity)
  • Security update for Adobe Flash Player (Critical Severity)
  • Security update for Adobe Photoshop CS5 (Critical Severity)
  • Security update for RoboHelp (Important Severity)

2.0 Impact

Successful exploitation of these critical vulnerabilities allows an attacker to run malicious code on the affected system. On RoboHelp installations, a specially crafted URL could be used to mount a cross-site scripting attack, which could in turn be used to spread malware or steal cookies.

3.0 Affected Products

Adobe Shockwave Player

- Shockwave Player 11.6.0.626 and earlier versions for Windows and Macintosh

Adobe Flash Media Server

- Flash Media Server 4.0.2 and earlier versions for Windows and Linux
- Flash Media Server 3.5.6 and earlier versions for Windows and Linux

Adobe Flash Player

- Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 10.3.185.25 and earlier versions for Android
- Adobe AIR 2.7 and earlier versions for Windows, Macintosh, and Android

Adobe Photoshop CS5

- Adobe Photoshop CS5 and CS5.1 and earlier versions for Windows and Macintosh

RoboHelp

- RoboHelp 9 (versions 9.0.1.232 and earlier)
- RoboHelp 8
- RoboHelp Server 9
- RoboHelp Server 8 for Windows

4.0 Recommendation

MyCERT recommends that users of Adobe products upgrade to the newest version of the affected software from:

Adobe Shockwave Player

http://get.adobe.com/shockwave/

Adobe Flash Media Server

http://www.adobe.com/support/flashmediaserver/downloads_updaters.html

Adobe Flash Player (Windows and Mac)

http://get.adobe.com/flashplayer/
http://get.adobe.com/air/

Adobe Flash Player (Android)

http://market.android.com/details?id=com.adobe.flashplayer
http://market.android.com/details?id=com.adobe.air

Adobe Photoshop CS5

Photoshop CS5/CS5.1 Standard Multiplugin Update for Windows : https://www.adobe.com/support/downloads/detail.jsp?ftpID=5161

Photoshop CS5/CS5.1 Standard Multiplugin Update for Windows (Win64) : https://www.adobe.com/support/downloads/detail.jsp?ftpID=5162

Photoshop CS5/CS5.1 Standard Multiplugin Update for Macintosh : https://www.adobe.com/support/downloads/detail.jsp?ftpID=5160

RoboHelp

Please refer to the Solution section in https://www.adobe.com/support/security/bulletins/apsb11-23.html

MyCERT generally advises users to keep themselves updated with the latest security announcements from the vendor. If members of the public receive any suspicious URL or .SWF file and require further analysis from us, please reach us through the following channels:

E-mail : mycert@mycert.org.my
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web: http://www.mycert.org.my

5.0 References