From security at unicamp.br  Mon Jun  7 16:08:34 2010
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Mon, 7 Jun 2010 16:08:34 -0300
Subject: [SECURITY-L] HEADS UP: FreeBSD 7.2 EoL coming soon
Message-ID: <20100607190834.GD40772@unicamp.br>

---------- Forwarded message ----------
From: FreeBSD Security Officer
Date: Sat, Jun 5, 2010 at 12:05 PM
Subject: HEADS UP: FreeBSD 7.2 EoL coming soon
To: freebsd security, FreeBSD Stable

Hello Everyone,

On June 30th, FreeBSD 7.2 will reach its End of Life and will no longer be supported by the FreeBSD Security Team. Users of this release are strongly encouraged to upgrade to FreeBSD 7.3 before that date; FreeBSD 7.3 will be supported until the end of March 2012.

Please note that since FreeBSD 7.1 has been designated for 'Extended' support, it will continue to be supported until the end of January 2011, i.e., FreeBSD 7.1 will be supported longer than FreeBSD 7.2.

The End of Life date for FreeBSD 7.2 was originally announced as May 31, but was delayed by one month in accordance with Security Team policy in order to allow a 3 month window between the release of FreeBSD 7.3 and the End of Life of FreeBSD 7.2 to allow time for systems to be upgraded.

The freebsd-update(8) utility can be used to upgrade i386 and amd64 systems from 7.2-RELEASE (or 7.2-RELEASE-pX for some X) to 7.3-RELEASE using binary updates (i.e., without compiling from source) as described in the 7.3-RELEASE announcement; given an adequate internet connection, this process usually takes 15 minutes or less.
The current supported branches and expected EoL dates are:

+---------------------------------------------------------------------+
| Branch    | Release    | Type   | Release date    | Estimated EoL   |
|-----------+------------+--------+-----------------+-----------------|
|RELENG_6   |n/a         |n/a     |n/a              |November 30, 2010|
|-----------+------------+--------+-----------------+-----------------|
|RELENG_6_4 |6.4-RELEASE |Extended|November 18, 2008|November 30, 2010|
|-----------+------------+--------+-----------------+-----------------|
|RELENG_7   |n/a         |n/a     |n/a              |last release + 2y|
|-----------+------------+--------+-----------------+-----------------|
|RELENG_7_1 |7.1-RELEASE |Extended|January 4, 2009  |January 31, 2011 |
|-----------+------------+--------+-----------------+-----------------|
|RELENG_7_2 |7.2-RELEASE |Normal  |May 4, 2009      |June 30, 2010    |
|-----------+------------+--------+-----------------+-----------------|
|RELENG_7_3 |7.3-RELEASE |Extended|March 23, 2010   |March 31, 2012   |
|-----------+------------+--------+-----------------+-----------------|
|RELENG_8   |n/a         |n/a     |n/a              |last release + 2y|
|-----------+------------+--------+-----------------+-----------------|
|RELENG_8_0 |8.0-RELEASE |Normal  |November 25, 2009|November 30, 2010|
|-----------+------------+--------+-----------------+-----------------|
|RELENG_8_1 |8.1-RELEASE |Extended|not yet          |release + 2 years|
+---------------------------------------------------------------------+

-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid

_______________________________________________
freebsd-stable at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
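The announcement above gives an EoL table and points 7.2 users at freebsd-update(8) for a binary upgrade to 7.3. As an added example that is not part of the FreeBSD Security Officer's message, the POSIX sh script below normalises a uname -r string, decides from the transcribed table whether the running release is still supported on a given date, and prints the freebsd-update(8) upgrade steps when it is not. The helper names (release_base, eol_date, support_status, latest_on_branch, upgrade_steps) are this example's own; the table values are copied from the HEADS UP.

```shell
#!/bin/sh
# Added example, not part of the FreeBSD Security Officer's announcement: check
# whether a host's release is still supported according to the EoL table in the
# HEADS UP, and print the freebsd-update(8) binary-upgrade steps when it is not.

# EoL table transcribed from the announcement, one "release EoL" pair per line
# (8.1-RELEASE is omitted because its EoL date was not yet fixed).
EOL_TABLE='6.4-RELEASE 2010-11-30
7.1-RELEASE 2011-01-31
7.2-RELEASE 2010-06-30
7.3-RELEASE 2012-03-31
8.0-RELEASE 2010-11-30'

# Reduce a uname -r string such as "7.2-RELEASE-p4" to "7.2-RELEASE":
# the security patch level does not change the support branch.
release_base() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+\.[0-9]+-RELEASE).*/\1/'
}

# Estimated EoL (YYYY-MM-DD) of a release, or an empty string if it is not listed.
eol_date() {
    printf '%s\n' "$EOL_TABLE" | awk -v r="$(release_base "$1")" '$1 == r { print $2 }'
}

# Status of release $1 on date $2 (YYYY-MM-DD): supported, eol or unknown.
# Dates are compared as YYYYMMDD integers to avoid non-portable date(1) parsing.
support_status() {
    eol=$(eol_date "$1")
    if [ -z "$eol" ]; then
        echo unknown
    elif [ "$(printf '%s' "$2" | tr -d '-')" -gt "$(printf '%s' "$eol" | tr -d '-')" ]; then
        echo eol
    else
        echo supported
    fi
}

# Newest listed release on the same major branch, e.g. 7.2 -> 7.3-RELEASE,
# which is the upgrade target the announcement recommends to 7.2 users.
latest_on_branch() {
    printf '%s\n' "$EOL_TABLE" |
        awk -v m="${1%%.*}" '{ split($1, v, "."); if (v[1] == m) print $1 }' |
        sort -t. -k2,2n | tail -n 1
}

# The binary upgrade path from the announcement (i386/amd64, no source build).
# Commands are printed, not run, so an operator can review them first; the second
# "install" is run after rebooting into the new kernel.
upgrade_steps() {
    cat <<EOF
freebsd-update -r $1 upgrade
freebsd-update install
shutdown -r now
freebsd-update install
EOF
}

# Report on release $1 (default: uname -r) as of date $2 (default: today).
main() {
    rel=${1:-$(uname -r)}
    today=${2:-$(date +%Y-%m-%d)}
    case $(support_status "$rel" "$today") in
        supported) echo "$rel is supported until $(eol_date "$rel")" ;;
        unknown)   echo "$rel is not in the announcement's EoL table" ;;
        eol)
            target=$(latest_on_branch "$rel")
            echo "$rel reached End of Life on $(eol_date "$rel")"
            if [ "$target" = "$(release_base "$rel")" ]; then
                echo "no newer release on this branch is listed; move to a supported branch"
            else
                echo "upgrade to $target with:"
                upgrade_steps "$target"
            fi ;;
    esac
}

main "$@"
```

Run as `sh eol-check.sh 7.2-RELEASE-p4 2010-07-01` to see the upgrade advice, or with no arguments to check the current host against today's date.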
"freebsd-stable-unsubscribe em freebsd.org " ----- End forwarded message ----- From security em unicamp.br Wed Jun 9 10:23:40 2010 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 9 Jun 2010 10:23:40 -0300 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA10-159B -- Microsoft Updates for Multiple Vulnerabilities Message-ID: <20100609132340.GD57551@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA10-159B -- Microsoft Updates for Multiple Vulnerabilities To: technical-alerts em us-cert.gov Date: Tue, 8 Jun 2010 15:33:08 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-159B Microsoft Updates for Multiple Vulnerabilities Original release date: June 08, 2010 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Internet Explorer * Microsoft Office * Microsoft SharePoint Services * Microsoft .NET Framework Overview Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Office, Microsoft SharePoint Services, and Microsoft .NET Framework. I. Description The Microsoft Security Bulletin Summary for June 2010 describes vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint Services, and .NET Framework. Microsoft has released updates to address the vulnerabilities. II. Impact A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash. III. Solution Apply updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for June 2010. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. 
Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References

  * Microsoft Security Bulletin Summary for June 2010 -
  * Microsoft Windows Server Update Services -

____________________________________________________________________

The most recent version of this document can be found at:
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA10-159B Feedback VU#855166" in the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this mailing list, visit .
____________________________________________________________________

Produced 2010 by US-CERT, a government organization.

Terms of use:
____________________________________________________________________

Revision History

  June 08, 2010: Initial release

----- End forwarded message -----

From security at unicamp.br  Wed Jun  9 10:24:05 2010
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Wed, 9 Jun 2010 10:24:05 -0300
Subject: [SECURITY-L] CAIS-Alerta: Summary of the Microsoft Security Bulletins - June 2010
Message-ID: <20100609132404.GE57551@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Summary of the Microsoft Security Bulletins - June 2010
To: pop-seg at cais.rnp.br,
    rnp-alerta at cais.rnp.br, rnp-seg at cais.rnp.br
Date: Tue, 8 Jun 2010 17:53:46 -0300 (BRT)

Dear all,

On June 8 Microsoft published 10 security bulletins addressing a total of 10 vulnerabilities in the company's products. Exploitation of these vulnerabilities allows remote code execution, privilege escalation by locally logged-on users, and tampering with application content.

At the time this summary was published, one of the vulnerabilities in the bulletins is being actively exploited: MS10-041 (CVE-2009-0217).

SEVERITY

. Critical

- MS10-033: Vulnerability in the media file decompression library
  Vulnerability that allows remote code execution

- MS10-034: Vulnerability in ActiveX
  Vulnerability that allows remote code execution

- MS10-035: Vulnerability in Internet Explorer
  Vulnerability that allows remote code execution

. Important

- MS10-032: Vulnerability in the Windows kernel-mode drivers
  Vulnerability that allows elevation of privilege for a user logged on locally to the system

- MS10-036: Vulnerability in Microsoft Office COM validation
  Vulnerability that allows remote code execution

- MS10-037: Vulnerability in the Windows OpenType Compact Font Format (CFF) driver
  Vulnerability that allows elevation of privilege for a user logged on locally to the system

- MS10-038: Vulnerability in Microsoft Office Excel
  Vulnerability that allows remote code execution

- MS10-039: Vulnerability in Microsoft SharePoint
  Vulnerability that allows elevation of privilege for a user logged on locally to the system

- MS10-040: Vulnerability in Microsoft Internet Information Services (IIS)
  Vulnerability that allows remote code execution

- MS10-041: Vulnerability in Microsoft .NET Framework
  Vulnerability that allows signed XML data to be tampered with without detection

. Moderate

- No bulletins

. Low

- No bulletins

The vulnerability severity rating system adopted by CAIS in this summary is Microsoft's own. CAIS recommends that, at a minimum, the fixes for vulnerabilities rated critical and important be applied. For fixes for vulnerabilities rated moderate, CAIS recommends that at least the mitigation recommendations be followed.

. Critical - Vulnerabilities whose exploitation could allow a worm to propagate without user interaction.
. Important - Vulnerabilities whose exploitation could result in the compromise of the confidentiality, integrity or availability of user data, or of the integrity or availability of processing resources.
. Moderate - Exploitation is significantly mitigated by factors such as default configuration, auditing or difficulty of exploitation.
. Low - A vulnerability whose exploitation is extremely difficult or whose impact is minimal.

AVAILABLE FIXES

It is recommended to update systems to the versions available at:

. Microsoft Update
  https://www.update.microsoft.com/microsoftupdate/

. Windows Server Update Services
  http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

MORE INFORMATION

. Microsoft Security Bulletin Summary for June 2010
  http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx

. SANS ISC Handler's Diary 2010-06-08 - June 2010 Microsoft Black Tuesday Summary
  http://isc.sans.edu/diary.html?storyid=8929

. MS10-033: Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
  http://www.microsoft.com/technet/security/bulletin/MS10-033.mspx

. MS10-034: Cumulative Security Update of ActiveX Kill Bits (980195)
  http://www.microsoft.com/technet/security/bulletin/ms10-034.mspx

. MS10-035: Cumulative Security Update for Internet Explorer (982381)
  http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx

. MS10-032: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
  http://www.microsoft.com/technet/security/bulletin/ms10-032.mspx

. MS10-036: Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
  http://www.microsoft.com/technet/security/bulletin/ms10-036.mspx

. MS10-037: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
  http://www.microsoft.com/technet/security/bulletin/ms10-037.mspx

. MS10-038: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
  http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx

. MS10-039: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
  http://www.microsoft.com/technet/security/bulletin/ms10-039.mspx

. MS10-040: Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
  http://www.microsoft.com/technet/security/bulletin/MS10-040.mspx

. MS10-041: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
  http://www.microsoft.com/technet/security/bulletin/ms10-041.mspx

. Microsoft Security TechCenter
  http://technet.microsoft.com/pt-br/security/

. Microsoft Security Response Center - MSRC
  http://www.microsoft.com/security/msrc/

. Microsoft Security Research & Defense - MSRD
  http://blogs.technet.com/srd/

. Microsoft Security
  http://www.microsoft.com/brasil/security/

CVE identifiers (http://cve.mitre.org): CVE-2009-0217, CVE-2010-0252, CVE-2010-0255, CVE-2010-0484, CVE-2010-0485, CVE-2010-0811, CVE-2010-0817, CVE-2010-0819, CVE-2010-0821, CVE-2010-0822, CVE-2010-0823, CVE-2010-0824, CVE-2010-1245, CVE-2010-1246, CVE-2010-1247, CVE-2010-1248, CVE-2010-1249, CVE-2010-1250, CVE-2010-1251, CVE-2010-1252, CVE-2010-1253, CVE-2010-1254, CVE-2010-1255, CVE-2010-1256, CVE-2010-1257, CVE-2010-1259, CVE-2010-1260, CVE-2010-1261, CVE-2010-1262, CVE-2010-1263, CVE-2010-1264, CVE-2010-1879, CVE-2010-1880

CAIS recommends that administrators keep their systems and applications always up to date, in line with the latest versions and fixes offered by the vendors.

CAIS alerts are also offered in RSS/RDF format: http://www.rnp.br/cais/alertas/rss.xml

Regards,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)       #
# Rede Nacional de Ensino e Pesquisa (RNP)                     #
#                                                              #
# cais at cais.rnp.br                   http://www.cais.rnp.br #
# Tel. 019-37873300 Fax. 019-37873301                          #
# PGP key available at http://www.rnp.br/cais/cais-pgp.key     #
################################################################

----- End forwarded message -----

From security at unicamp.br  Wed Jun  9 10:24:26 2010
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Wed, 9 Jun 2010 10:24:26 -0300
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA10-159A -- Adobe Flash, Reader, and Acrobat Vulnerability
Message-ID: <20100609132425.GF57551@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA10-159A -- Adobe Flash, Reader, and Acrobat Vulnerability
To: technical-alerts at us-cert.gov
Date: Tue, 8 Jun 2010 17:48:27 -0400
Organization: US-CERT - +1 202-205-5266

                        National Cyber Alert System

                  Technical Cyber Security Alert TA10-159A

Adobe Flash, Reader, and Acrobat Vulnerability

  Original release date: June 08, 2010
  Last revised: --
  Source: US-CERT

Systems Affected

  * Adobe Flash Player 10.0.45.2 and earlier 10.x versions
  * Adobe Flash Player 9.0.262 and earlier 9.x versions
  * Adobe Reader 9.3.2 and earlier 9.x versions
  * Adobe Acrobat 9.3.2 and earlier 9.x versions

Other Adobe products that support Flash may also be vulnerable.

Overview

According to Adobe, there is a vulnerability in Adobe Flash. This vulnerability affects Flash Player, Reader, Acrobat, and possibly other products that support Flash. A remote attacker could exploit this vulnerability to execute arbitrary code.

I. Description

Adobe Security Advisory APSA10-01 describes a vulnerability in Adobe Flash that affects Flash Player, Reader, and Acrobat. It may also affect other products that independently support Flash, such as Photoshop, Photoshop Lightroom, Freehand MX, and Fireworks.

An attacker could exploit this vulnerability by convincing a user to open specially crafted Flash content. Flash content is commonly hosted on a web page, but it can also be embedded in PDF and other documents or provided as a stand-alone file.

As noted in APSA10-01, "There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat."

Additional information is available in US-CERT Vulnerability Note VU#486225.

II. Impact

If a user opens specially crafted Flash content, a remote attacker may be able to execute arbitrary code.

III. Solution

Update

Adobe Security Advisory APSA10-01 suggests updating to the release candidate of Flash Player 10.1.

Disable Flash in your web browser

Uninstall Flash or restrict which sites are allowed to run Flash. To the extent possible, only run trusted Flash content on trusted domains. For more information, see Securing Your Web Browser.

Disable Flash in Adobe Reader and Acrobat

Disabling Flash in Adobe Reader will mitigate attacks that rely on Flash content embedded in a PDF file. Disabling 3D & Multimedia support does not directly address the vulnerability, but it does provide additional mitigation and results in a more user-friendly error message instead of a crash.
To disable Flash and 3D & Multimedia support in Adobe Reader 9, delete, rename, or remove access to these files:

Microsoft Windows
  "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll"
  "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll"

Apple Mac OS X
  "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle"
  "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework"

GNU/Linux (locations may vary among distributions)
  "/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so"
  "/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so"

File locations may be different for Adobe Acrobat or other Adobe products that include Flash and 3D & Multimedia support. Disabling these plugins will reduce functionality and will not protect against Flash content hosted on websites. Depending on the update schedule for products other than Flash Player, consider leaving Flash and 3D & Multimedia support disabled unless they are absolutely required.

Prevent Internet Explorer from automatically opening PDF documents

The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file:

  Windows Registry Editor Version 5.00

  [HKEY_CLASSES_ROOT\AcroExch.Document.7]
  "EditFlags"=hex:00,00,00,00

Disable the display of PDF documents in the web browser

Preventing PDF documents from opening inside a web browser will partially mitigate this vulnerability. If this workaround is applied, it may also mitigate future vulnerabilities.

To prevent PDF documents from automatically being opened in a web browser, do the following:

  1. Open Adobe Acrobat Reader.
  2. Open the Edit menu.
  3. Choose the Preferences option.
  4. Choose the Internet section.
  5. Uncheck the "Display PDF in browser" checkbox.
Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript provides some additional protection against attacks. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript).

Enable DEP in Microsoft Windows

Consider enabling Data Execution Prevention (DEP) in supported versions of Windows. DEP should not be treated as a complete workaround, but it can mitigate the execution of attacker-supplied code in some cases. Microsoft has published detailed technical information about DEP in Security Research & Defense blog posts "Understanding DEP as a mitigation technology" part 1 and part 2. Use of DEP should be considered in conjunction with the application of patches or other mitigations described in this document.

Do not access PDF documents from untrusted sources

Do not open unfamiliar or unexpected PDF documents, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010.

IV. References

  * Security Advisory for Flash Player, Adobe Reader and Acrobat -
  * Adobe Labs - Flash Player 10 pre-release -
  * US-CERT Vulnerability Note VU#486225 -
  * Securing Your Web Browser -
  * Understanding DEP as a mitigation technology part 1 -
  * Understanding DEP as a mitigation technology part 2 -

____________________________________________________________________

The most recent version of this document can be found at:
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA10-159A Feedback VU#486225" in the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this mailing list, visit .
____________________________________________________________________

Produced 2010 by US-CERT, a government organization.
Terms of use:
____________________________________________________________________

Revision History

  June 08, 2010: Initial release

----- End forwarded message -----

From security at unicamp.br  Mon Jun 14 10:39:27 2010
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Mon, 14 Jun 2010 10:39:27 -0300
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA10-162A -- Adobe Flash and AIR Vulnerabilities
Message-ID: <20100614133927.GA90148@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA10-162A -- Adobe Flash and AIR Vulnerabilities
To: technical-alerts at us-cert.gov
Date: Fri, 11 Jun 2010 17:17:03 -0400
Organization: US-CERT - +1 202-205-5266

                        National Cyber Alert System

                  Technical Cyber Security Alert TA10-162A

Adobe Flash and AIR Vulnerabilities

  Original release date: June 11, 2010
  Last revised: --
  Source: US-CERT

Systems Affected

  * Adobe Flash Player 10.0.45.2 and earlier 10.x versions
  * Adobe Flash Player 9.0.262 and earlier 9.x versions
  * Adobe AIR 1.5.3.9130 and earlier versions

Other Adobe products that support Flash may also be vulnerable.

Overview

According to Adobe Security Bulletin APSB10-14, there are vulnerabilities in Adobe Flash and AIR. These vulnerabilities affect Flash Player, AIR, and possibly other products that support Flash. A remote attacker could exploit these vulnerabilities to execute arbitrary code.

I. Description

Adobe Security Bulletin APSB10-14 describes vulnerabilities in Adobe Flash that affect Flash Player and AIR. It may also affect other products that independently support Flash, such as Adobe Reader, Acrobat, Photoshop, Photoshop Lightroom, Freehand MX, and Fireworks.

An attacker could exploit these vulnerabilities by convincing a user to open specially crafted Flash content. Flash content is commonly hosted on a web page, but it can also be embedded in a PDF and other documents or provided as a stand-alone file.

One of these vulnerabilities, CVE-2010-1297, is being exploited against Flash Player, Adobe Reader, and Acrobat. Additional information about CVE-2010-1297 is available in US-CERT Technical Cyber Security Alert TA10-159A and US-CERT Vulnerability Note VU#486225.

II. Impact

If a user opens specially crafted Flash content, a remote attacker may be able to execute arbitrary code.

III. Solution

Update Flash and AIR

Adobe Security Bulletin APSB10-14 recommends updating to Flash Player 10.1.53.64 or 9.0.277.0 and AIR to 2.0.2.12610. This will update the Flash web browser plug-in and ActiveX control and AIR, but will not update Flash support in Adobe Reader, Acrobat, or other products.

To reduce your exposure to these and other Flash vulnerabilities, consider the following mitigation technique.

Disable Flash in your web browser

Uninstall Flash or restrict which sites are allowed to run Flash. To the extent possible, only run trusted Flash content on trusted domains. For more information, see Securing Your Web Browser.

IV. References

  * Adobe Security Bulletin APSB10-14 -
  * Technical Cyber Security Alert TA10-159A -
  * US-CERT Vulnerability Report VU#486225 -
  * Securing Your Web Browser -
  * CVE-2010-1297 -

____________________________________________________________________

The most recent version of this document can be found at:
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff.
Please send email to with "TA10-162A Feedback VU#486225" in the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this mailing list, visit .
____________________________________________________________________

Produced 2010 by US-CERT, a government organization.

Terms of use:
____________________________________________________________________

Revision History

  June 11, 2010: Initial release

----- End forwarded message -----