MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2012

MA-299.022012 : MyCERT Alert - Multiple Critical Vulnerabilities in Adobe Flash Player

Date of publication: 2012-02-16

1.0 Introduction

Multiple critical vulnerabilities (CVE-2012-0751, CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767) have been identified in Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x.

The vulnerabilities CVE-2012-0751, CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755 and CVE-2012-0756 allow a remote attacker to execute arbitrary code on a vulnerable version of Adobe Flash Player. CVE-2012-0767, on the other hand, is a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. [1][2]

2.0 Impact

The impact of each vulnerability is as follows:

  • CVE-2012-0751 - Memory corruption vulnerability that could lead to code execution (Windows ActiveX control only)
  • CVE-2012-0752 - A type confusion memory corruption vulnerability that could lead to code execution
  • CVE-2012-0753 - An MP4 parsing memory corruption vulnerability that could lead to code execution
  • CVE-2012-0754 - A memory corruption vulnerability that could lead to code execution
  • CVE-2012-0755 - A security bypass vulnerability that could lead to code execution
  • CVE-2012-0756 - A security bypass vulnerability that could lead to code execution
  • CVE-2012-0767 - A universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website

3.0 Affected Products

The following products are affected by these vulnerabilities:

  • Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x
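
The affected-version thresholds above can be applied to a software inventory with a short script. This is an added example, not code from MyCERT or Adobe: the platform labels, host names and inventory rows are constructed for illustration, and the parser assumes version strings are either dotted or comma-separated.

```python
import re

# Highest affected version per platform, taken from the advisory text.
# The platform keys are labels chosen for this example.
DESKTOP_MAX = (11, 1, 102, 55)
MAX_AFFECTED = {
    "windows": DESKTOP_MAX,
    "macintosh": DESKTOP_MAX,
    "linux": DESKTOP_MAX,
    "solaris": DESKTOP_MAX,
    "android-4.x": (11, 1, 112, 61),
    "android-3.x": (11, 1, 111, 5),
    "android-2.x": (11, 1, 111, 5),
}

def parse_version(text):
    """Parse '11.1.102.55' or 'WIN 11,1,102,55' into a 4-int tuple, else None."""
    m = re.search(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(platform, version_text):
    """Return 'affected', 'not-affected' or 'unknown' for one installation."""
    limit = MAX_AFFECTED.get(platform.strip().lower())
    version = parse_version(version_text)
    if limit is None or version is None:
        return "unknown"  # never treat unparsed data as safe
    # Tuples compare numerically per component, so 11.1.102.9 < 11.1.102.55.
    return "affected" if version <= limit else "not-affected"

def triage(inventory):
    """Attach a verdict to every (host, platform, version) row."""
    return [(h, p, v, classify(p, v)) for h, p, v in inventory]

# Constructed inventory rows; none of these hosts or readings are real.
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "WIN 11,1,102,55"),
    ("ws-002", "Windows", "11.1.102.9"),
    ("ws-003", "Linux", "12.0.0.1"),
    ("tab-01", "Android-4.x", "11.1.112.61"),
    ("tab-02", "Android-4.x", "12.0.0.1"),
    ("ph-01", "Android-2.x", "11.1.111.6"),
    ("kiosk", "Windows", "not installed"),
    ("srv-9", "FreeBSD", "11.1.102.55"),
]

if __name__ == "__main__":
    for host, platform, version, verdict in triage(SAMPLE_INVENTORY):
        print(f"{host:8} {platform:12} {version:18} {verdict}")
```

Rows reported as "unknown" need manual follow-up rather than being counted as patched.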

4.0 Recommendation

MyCERT recommends that users of Adobe Flash Player upgrade to the newest version by downloading it from the following URL:

Users may also consider using a vulnerability management tool such as Secunia to ensure that all applications are updated:

MyCERT generally advises users to keep themselves updated with the latest security announcements from the vendor. Members of the public who receive a suspicious URL or .SWF file and require further analysis can reach us through the following channels:

E-mail : mycert@mycert.org.my
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT to 15888
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web: http://www.mycert.org.my

5.0 References

i. https://www.adobe.com/support/security/bulletins/apsb12-03.html
ii. http://www.zdnet.com/blog/security/adobe-flash-player-xss-flaw-under-active-attack/10344
iii. http://www.foregroundsecurity.com/blog/flash-origin-attack-faq.html