=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN195
_____________________________________________________________________

DATE                      : 07/06/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems Running Flash Player, Adobe Reader,
                             Adobe Acrobat.

======================================================================
http://www.adobe.com/support/security/advisories/apsa10-01.html
______________________________________________________________________

Security Advisory for Flash Player, Adobe Reader and Acrobat

Release date: June 4, 2010

Vulnerability identifier: APSA10-01

CVE number: CVE-2010-1297

Platform: All
Summary

A critical vulnerability exists in Adobe Flash Player 10.0.45.2
and earlier versions for Windows, Macintosh, Linux and Solaris
operating systems, and the authplay.dll component that ships with
Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX
operating systems. This vulnerability (CVE-2010-1297) could cause
a crash and potentially allow an attacker to take control of the
affected system. There are reports that this vulnerability is being
actively exploited in the wild against both Adobe Flash Player, and
Adobe Reader and Acrobat. This advisory will be updated once a
schedule has been determined for releasing a fix.


Affected software versions

Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x
versions for Windows, Macintosh, Linux and Solaris Adobe Reader and
Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX

Note:
The Flash Player 10.1 Release Candidate available at
http://labs.adobe.com/technologies/flashplayer10/ does not appear to
be vulnerable.


Adobe Reader and Acrobat 8.x are confirmed not vulnerable.


MItigations

Adobe Flash Player
The Flash Player 10.1 Release Candidate available at
http://labs.adobe.com/technologies/flashplayer10/ does not appear to
be vulnerable.

Adobe Reader and Acrobat
Deleting, renaming, or removing access to the authplay.dll file that ships
with Adobe Reader and Acrobat 9.x mitigates the threat for those products,
but users will experience a non-exploitable crash or error message when
opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows
is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll
for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll
for Acrobat.


Severity rating

Adobe categorizes this as a critical issue.


Details

A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and
earlier versions for Windows, Macintosh, Linux and Solaris operating systems,
and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x
for Windows, Macintosh and UNIX operating systems. This vulnerability
(CVE-2010-1297) could cause a crash and potentially allow an attacker to
take control of the affected system. There are reports that this vulnerability
is being actively exploited in the wild against both Adobe Flash Player,
and Adobe Reader and Acrobat.

The Flash Player 10.1 Release Candidate available at
http://labs.adobe.com/technologies/flashplayer10/ does not appear to be
vulnerable.

Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Mitigation is
available for Adobe Reader and Acrobat 9.x customers as detailed above.

Adobe actively shares information about this and other vulnerabilities with
partners in the security community to enable them to quickly develop detection
and quarantine methods to protect users until a patch is available. As always,
Adobe recommends that users follow security best practices by keeping their
anti-malware software and definitions up to date.

This advisory will be updated once a schedule has been determined for releasing
a fix. Users may monitor the latest information on the Adobe Product Security
Incident Response Team blog at the following URL: http://blogs.adobe.com/psirt
or by subscribing to the RSS feed here: http://blogs.adobe.com/psirt/atom.xml.


======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================