NNSquad - Network Neutrality Squad
[ NNSquad ] [dfarber@me.com: [IP] Fwd: Adobe Advisory: Disable Flash until Adobe gets this fixed]
----- Forwarded message from Dave Farber <dfarber@me.com> ----- Date: Thu, 17 Mar 2011 11:06:50 -0400 From: Dave Farber <dfarber@me.com> Subject: [IP] Fwd: Adobe Advisory: Disable Flash until Adobe gets this fixed Reply-To: dave@farber.net To: ip <ip@listbox.com> Begin forwarded message: > From: Randall Webmail <rvh40@insightbb.com> > Date: March 17, 2011 9:00:06 AM GMT-04:00 > To: johnmacsgroup@yahoogroups.com, dewayne@warpspeed.com > Cc: dave@farber.net > Subject: Adobe Advisory: Disable Flash until Adobe gets this fixed > > http://www.us-cert.gov/current/#adobe_releases_security_advisory_for6 > > Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat > > added March 15, 2011 at 10:29 am > Adobe has released a security advisory to alert users of a > vulnerability affecting the following products: > > * Adobe Flash Player 10.2.152.33 and earlier versions for Windows, > Macintosh, Linux, and Solaris > * Adobe Flash Player 10.2.154.18 and earlier versions for Google Chrome users > * Adobe Flash Player 10.1.106.16 and earlier versions for Android > * The Authplay.dll component that ships with Adobe Reader and > Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and > Macintosh. > > > Exploitation of this vulnerability may allow an attacker to execute > arbitrary code or cause a denial-of-service condition. At this time, > the vendor has not released a fix for this vulnerability. The Adobe > advisory indicates that this vulnerability is being actively > exploited via a Flash (.swf) file embedded in a Microsoft Excel > (.xls) file delivered as an email attachment. > > Adobe has indicated that it expects to release a fix for this > vulnerability during the week of March 21, 2011. In the interim, > users and administrators are encouraged to implement the following > workarounds to help reduce the risks. > > * Disable Flash in the web browser as described in the Securing Your > Web Browser document. > * Disable Flash and 3D & Multimedia support in Adobe Reader 9 and later. > * Disable JavaScript in Adobe Reader and Acrobat. > * Prevent Internet Explorer from automatically opening PDF documents. > * Disable the displaying of PDF documents in the web browser. > * Enable DEP in Microsoft Windows. > * Utilize Microsoft EMET to enable runtime mitgations for Microsoft > Internet Explorer and Excel. > > > Additional information regarding this vulnerability, including > detailed workaround instructions, can be found in US-CERT > Vulnerability Note VU#192052. US-CERT will provide additional > information as it becomes available. > > > US-CERT Vulnerability Note VU#192052 > http://www.kb.cert.org/vuls/id/192052 > > > Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat > http://www.adobe.com/support/security/advisories/apsa11-01.html ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/125750-544611b7 Modify Your Subscription: https://www.listbox.com/member/?member_id=125750&id_secret=125750-5bb6cf56 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=125750&id_secret=125750-6876700a&post_id=20110317110705:6EA0EA80-50A8-11E0-98D9-D29D4C3AF512 Powered by Listbox: http://www.listbox.com ----- End forwarded message -----