CIS CYBER SECURITY ADVISORIES

MS-ISAC CYBER SECURITY ADVISORY NUMBER:
2010-067 Updated

DATE(S) ISSUED:
8/11/2010
8/20/2010 - Updated

SUBJECT:
Multiple Vulnerabilities Discovered in Adobe Products

ORIGINAL OVERVIEW:

Six vulnerabilities have been discovered in Adobe Flash Player and Adobe AIR. Adobe Flash Player is a widely distributed multimedia and application player for Microsoft Windows, Mozilla, and Apple systems. Adobe AIR is a cross-platform runtime for developing Internet applications on the desktop. These vulnerabilities can be exploited if a user visits a website hosting malicious content or opens an email attachment containing Flash media designed to exploit these vulnerabilities.

Successful exploitation of five of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The remaining vulnerability could allow an attacker to obtain confidential information.

UPDATED OVERVIEW:
Adobe has released new security updates which indicate that the vulnerabilities described in this advisory also affect Adobe Reader and Adobe Acrobat. This is due to these products supporting Flash content.

SYSTEMS AFFECTED:

  • Adobe Flash Player 10.1.53.64 and earlier
  • Adobe AIR 2.0.2.12610 and earlier

UPDATED SYSTEMS AFFECTED:

  • Adobe Reader 9.3.3 and earlier versions
  • Adobe Acrobat 9.3.3 and earlier versions

RISK:
Government:

  • Large and medium government entities: High
  • Small government entities: High

Businesses:

  • Large and medium business entities: High
  • Small business entities: High

Home users: High

ORIGINAL DESCRIPTION:
Six vulnerabilities have been identified in Adobe Flash Player and Adobe AIR, which include remote code execution and click-jacking. These vulnerabilities can be exploited if a user visits a website hosting malicious content or opens an email attachment containing a Flash media file designed to trigger these issues. Details of these vulnerabilities are as follows:

  • Five vulnerabilities caused by unspecified Memory Corruption errors could result in remote code-execution.
  • A click-jacking vulnerability affecting Flash Player 10 on unspecified platforms. Click-jacking is a technique that involves embedding code or a script into a web page that tricks a user into performing unintended actions. This occurs when a user mistakenly clicks on a concealed link or when the user clicks on a button that triggers the malicious action.

Successful exploitation of these vulnerabilities could allow an attacker to gain the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

UPDATED DESCRIPTION:
Adobe has released new security updates which indicate that the vulnerabilities described in this advisory also affect Adobe Reader and Adobe Acrobat. This is due to these products supporting Flash content.

ORIGINAL RECOMMENDATIONS:
We recommend the following actions be taken:

  • Apply the appropriate updates which have been provided by Adobe to vulnerable systems immediately after appropriate testing.
  • Systems running Adobe Flash Player 10.1.53.64 and earlier versions should be updated to version 10.1.82.76.
  • Systems running Adobe AIR 2.0.2.12610 and earlier versions should be updated to version 2.0.3.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.

UPDATED RECOMMENDATIONS:
We recommend the following action be taken:

  • Systems running Adobe Reader 9.3.3 and earlier versions should be updated to version 9.3.4.
  • Systems running Adobe Reader 8.2.3 and earlier versions should be updated to version 8.2.4.
  • Systems running Adobe Acrobat 9.3.3 and earlier versions should be updated to version 9.3.4.
  • Systems running Adobe Acrobat 8.2.3 and earlier versions should be updated to version 8.2.4.

ORIGINAL REFERENCES:

Adobe:
http://www.adobe.com/support/security/bulletins/apsb10-16.html

Security Focus:
http://www.securityfocus.com/bid/42361
http://www.securityfocus.com/bid/42362
http://www.securityfocus.com/bid/42363
http://www.securityfocus.com/bid/42364

CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216

UPDATED REFERENCE:

Adobe:
http://www.adobe.com/support/security/bulletins/apsb10-17.html