Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and previous versions on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and previous versions on Android; Adobe AIR 2.5.1 and previous versions; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x up to and including 9.4.2 and 10.x up to and including 10.0.1 on Windows and Mac OS X, allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe flash_player 10.1.92.10 |
||
adobe flash_player 10.0.15.3 |
||
adobe flash_player 9.0.112.0 |
||
adobe flash_player 9.0.246.0 |
||
adobe flash_player 9.0.45.0 |
||
adobe flash_player 9.0.114.0 |
||
adobe flash_player 9.0.31.0 |
||
adobe flash_player 9.0.124.0 |
||
adobe flash_player 8.0.22.0 |
||
adobe flash_player 10.1.95.1 |
||
adobe flash_player 10.0.12.10 |
||
adobe flash_player 10.0.0.584 |
||
adobe flash_player 9.0.16 |
||
adobe flash_player 9.0.125.0 |
||
adobe flash_player 9.0.28.0 |
||
adobe flash_player 10.0.22.87 |
||
adobe flash_player 9.0 |
||
adobe flash_player 9.0.155.0 |
||
adobe flash_player 7.0.25 |
||
adobe flash_player 7.0.63 |
||
adobe flash_player 9.0.20 |
||
adobe flash_player 7.0.24.0 |
||
adobe flash_player 7.0.1 |
||
adobe flash_player 7.2 |
||
adobe flash_player 7.0.70.0 |
||
adobe flash_player 9.0.277.0 |
||
adobe flash_player 10.1.82.76 |
||
adobe flash_player 10.1.92.8 |
||
adobe flash_player 10.1.52.14.1 |
||
adobe flash_player 10.1.102.64 |
||
adobe flash_player 10.0.42.34 |
||
adobe flash_player 10.0.45.2 |
||
adobe flash_player 9.0.28 |
||
adobe flash_player 9.0.260.0 |
||
adobe flash_player 9.0.20.0 |
||
adobe flash_player 9.0.283.0 |
||
adobe flash_player 8.0 |
||
adobe flash_player 8.0.24.0 |
||
adobe flash_player 9.0.48.0 |
||
adobe flash_player 9.0.115.0 |
||
adobe flash_player 7.0.53.0 |
||
adobe flash_player 7.0.60.0 |
||
adobe flash_player 7.0.19.0 |
||
adobe flash_player 7.0.69.0 |
||
adobe flash_player 10.1.53.64 |
||
adobe flash_player 10.1.52.15 |
||
adobe flash_player 10.2.152 |
||
adobe flash_player 10.2.152.32 |
||
adobe flash_player 8.0.33.0 |
||
adobe flash_player 8.0.42.0 |
||
adobe flash_player 7.0.66.0 |
||
adobe flash_player 7.0.73.0 |
||
adobe flash_player 7.0.67.0 |
||
adobe flash_player 7.1.1 |
||
adobe flash_player 7.0.14.0 |
||
adobe flash_player 6.0.79 |
||
adobe flash_player 10.1.85.3 |
||
adobe flash_player 10.2.152.33 |
||
adobe flash_player |
||
adobe flash_player 10.0.12.36 |
||
adobe flash_player 10.0.32.18 |
||
adobe flash_player 9.0.152.0 |
||
adobe flash_player 9.0.151.0 |
||
adobe flash_player 9.0.18d60 |
||
adobe flash_player 9.125.0 |
||
adobe flash_player 9.0.262.0 |
||
adobe flash_player 9.0.159.0 |
||
adobe flash_player 9.0.31 |
||
adobe flash_player 8.0.39.0 |
||
adobe flash_player 8.0.35.0 |
||
adobe flash_player 7.1 |
||
adobe flash_player 7.0.68.0 |
||
adobe flash_player 7.0.61.0 |
||
adobe flash_player 7.0 |
||
adobe flash_player 6.0.21.0 |
||
adobe flash_player 8.0.34.0 |
||
adobe flash_player 10.1.95.2 |
||
adobe flash_player 9.0.47.0 |
||
adobe flash_player 10.1.105.6 |
||
adobe acrobat 9.3.3 |
||
adobe acrobat 9.3.2 |
||
adobe acrobat 9.1.2 |
||
adobe acrobat 9.4.1 |
||
adobe acrobat 9.4.2 |
||
adobe acrobat_reader 9.3 |
||
adobe acrobat_reader 9.3.4 |
||
adobe acrobat_reader 9.4 |
||
adobe acrobat_reader 9.4.1 |
||
adobe acrobat 9.3.1 |
||
adobe acrobat 9.1.3 |
||
adobe acrobat 10.0 |
||
adobe acrobat_reader 10.0 |
||
adobe acrobat_reader 9.3.3 |
||
adobe acrobat_reader 9.3.2 |
||
adobe acrobat_reader 9.4.2 |
||
adobe acrobat 10.0.1 |
||
adobe acrobat 9.1 |
||
adobe acrobat 9.0 |
||
adobe acrobat 9.3 |
||
adobe acrobat_reader 10.0.1 |
||
adobe acrobat_reader 9.1 |
||
adobe acrobat_reader 9.1.2 |
||
adobe acrobat_reader 9.0 |
||
adobe acrobat 9.2 |
||
adobe acrobat 9.3.4 |
||
adobe acrobat 9.4 |
||
adobe acrobat 9.1.1 |
||
adobe acrobat_reader 9.2 |
||
adobe acrobat_reader 9.1.1 |
||
adobe acrobat_reader 9.1.3 |
||
adobe acrobat_reader 9.3.1 |
In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were tr...
With 2011 coming to its end, it makes sense to sit back and take a look at what’s been happening over the past 12 months in the IT Security world. If we had to summarize the year in a single word, I think it would have to be “explosive.” The multitude of incidents, stories, facts, new trends and intriguing actors is so big that it makes it very hard to come up with a Top-10 of security stories of 2011. What I was aiming for with this list was to remember the stories that also indicated maj...
The following statistics were compiled in March using data from computers running Kaspersky Lab products: We have already written on a number of occasions that criminals are not averse to exploiting tragedies, and the Japanese earthquake and tsunami, plus the death of Elizabeth Taylor, did nothing to buck this trend. Thousands of people in Japan have lost loved ones and have been left homeless, while the world looks on in trepidation as events unfold at the Fukushima nuclear plant. But that hasn...
Adobe released its fix for CVE-2011-0609 this afternoon, making good on last week’s advisory dealing with the latest Flash zero-day. Kaspersky Lab products detected the variants as “Trojan-Dropper.MSExcel.SWFDrop” this past week. While we questioned the usefulness of Flash functionality within Excel spreadsheet cells last week, attackers were sending out emails containing just these sorts of files. Our Kaspersky Security Network statistics saw very low numbers spread out across the globe, ...
Adobe today released an advisory to warn about a remote code execution vulnerability in Flash Player, which also affects Adobe Reader and Acrobat. This critical vulnerability has been assigned CVE-2011-0609. Currently seen attacks work through a malicious SWF file which is embedded inside an Excel file. The target must open a malicious XLS file for a vulnerability in Flash to be exploited. This kind of structure is a perfect setup for targeted attacks. And not surprisingly, targeted attacks have...
Limited attacks under way
Adobe Systems plans to release emergency patches for its Flash and Reader applications after learning a critical vulnerability is being exploited to install malware on vulnerable machines. The out-of-cycle patches for Adobe Flash Player 10 and Acrobat and Reader versions 9, 10, and X will arrive during the week March 21, the company said on Monday. The updates will cover all versions of those programs except for Reader X for Windows, which ships with a security sandbox that blocks the exploits A...