MA-304.032012 : MyCERT Alert - Multiple Critical Vulnerabilities in Adobe Flash Player
Date of publication: 2012-03-29
Multiple critical vulnerabilities (CVE-2012-0772, CVE-2012-0773) have been identified in Adobe Flash Player 220.127.116.11 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 18.104.22.168 and earlier versions for Android 3.x and 2.x.
These vulnerabilities allow a remote attacker to execute arbitrary code on a vulnerable version of Adobe Flash Player. User interaction is required: the user must visit a malicious website that embeds a specially crafted SWF file. The vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.
By exploiting these vulnerabilities, an attacker could execute arbitrary code on vulnerable installations of Adobe Flash and gain the same privileges as the user. These vulnerabilities could be exploited to install malware on the user's computer.
3.0 Affected Products
The products listed below are affected by these vulnerabilities:
- Adobe Flash Player 22.214.171.124 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 126.96.36.199 and earlier versions for Android 3.x and 2.x
- Adobe AIR 188.8.131.5280 and earlier versions for Windows, Macintosh and Android
MyCERT recommends that users of Adobe Flash Player upgrade to the newest version by downloading it from the following
Users of Adobe Flash Player 184.108.40.206 and earlier versions for Android 3.x and earlier versions should update to Flash Player 220.127.116.11 by browsing to the Android Marketplace or Google Play on an Android device at https://play.google.com/store/apps/details?id=com.adobe.flashplayer&hl=en
MyCERT generally advises users to keep themselves updated with the latest security announcements from the vendor. If members of the public receive any suspicious URL or .SWF file and require our further analysis, please reach us through the following channels:
E-mail : firstname.lastname@example.org
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT
Business Hours : Mon - Fri 08:30 - 17:30 MYT