CIS CYBER SECURITY ADVISORIES
MS-ISAC CYBER SECURITY ADVISORY NUMBER:
Multiple Vulnerabilities in Adobe Flash Player Could Allow For Remote Code Execution (APSB12-14)
Multiple vulnerabilities have been discovered in Adobe Flash Player that could allowattackers to take complete control of affected systems. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages. Successful exploitation could result in an attacker gaining the same privileges as thelogged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts will likely cause denial-of-service conditions.
- Adobe Flash Player 220.127.116.11 and earlier versions for Windows, Macintosh and Linux operating systems
- Adobe Flash Player 18.104.22.168 and earlier versions for Android 3.x and 2.x
- Adobe Flash Player 22.214.171.124 and earlier versions for Android 4.x, and
- Adobe AIR 126.96.36.1990 and earlier versions for Windows, Macintosh and Android
- Large and medium government entities: High
- Small government entities: High
- Large and medium business entities: High
- Small business entities: High
Home users: High
Adobe Flash Player is prone to six vulnerabilities that could allow for remote code execution and one unspecified security bypass vulnerability that could lead to information disclosure.
- Two memory corruption vulnerabilities (CVE-2012-2034, CVE-2012-2037)
- One stack overflow vulnerability (CVE-2012-2035)One integer overflow vulnerability (CVE-2012-2036)
- One security bypass vulnerability (CVE-2012-2038)
- One null dereference vulnerability (CVE-2012-2039)
- One binary planting vulnerability (CVE-2012-2040)
Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Failed exploit attempts will likely result in denial-of-service conditions.
Flash Player installed with Google Chrome will be updated automatically, so no user action is required. Google Chrome users can verify that they have updated to Google Chrome version 19.0.1084.56, which includes Adobe Flash Player 11.3.300.257
We recommend the following actions be taken:
- Users of Adobe Flash Player 188.8.131.52 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.3.300.257.
- Users of Adobe Flash Player 184.108.40.206 and earlier versions for Linux should update to Adobe Flash Player 220.127.116.11.
- Users of Adobe Flash Player 18.104.22.168 and earlier versions on Android 4.x devices should update to Adobe Flash Player 22.214.171.124.
- Users of Adobe Flash Player 126.96.36.199 and earlier versions for Android 3.x and earlier versions should update to Flash Player 188.8.131.52.
- Users of Adobe AIR 184.108.40.2060 for Windows, Macintosh and Android should update toAdobe AIR 220.127.116.1110.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to download or open files from un-trusted websites.
- Remind users not to open e-mail attachments from unknown users or suspicious e-mails from trusted sources.
- Remind users not to click links from unknown sources, or to click links without verifying the intended destination.Consider implementing file extension whitelists for allowed e-mail attachments.