CERT RENATER Advisories

Date: Thu, 28 Oct 2010 17:35:06 +0200
Type: VULN
Subject: CERT-Renater : 2010/VULN428 (Adobe: Security Alert for Adobe Flash Player, Adobe Reader and Acrobat)
====================================================================
                            CERT-Renater

                        Information Note No. 2010/VULN428
_____________________________________________________________________

DATE                      : 28/10/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Adobe Flash Player versions 10.1.85.3
                             and earlier, Adobe Reader versions 9.4 and earlier,
                             Adobe Acrobat versions 9.4 and earlier,
                             Adobe Flash Player 10.1.95.2 and earlier for Android.

======================================================================
http://www.adobe.com/support/security/advisories/apsa10-05.html
______________________________________________________________________

Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat

Release date: October 28, 2010

Vulnerability identifier: APSA10-05

CVE number: CVE-2010-3654

Platform: All Platforms


Summary

A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and
earlier versions for Windows, Macintosh, Linux and Solaris operating
systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android;
and the authplay.dll component that ships with Adobe Reader 9.4 and
earlier 9.x versions for Windows, Macintosh and UNIX operating systems,
and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh
operating systems.

This vulnerability (CVE-2010-3654) could cause a crash and potentially
allow an attacker to take control of the affected system. There are
reports that this vulnerability is being actively exploited in the wild
against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of
attacks targeting Adobe Flash Player.

We are in the process of finalizing a fix for the issue and expect to
provide an update for Flash Player 10.x for Windows, Macintosh, Linux,
and Android by November 9, 2010. We expect to make available an update
for Adobe Reader and Acrobat 9.4 and earlier 9.x versions during the
week of November 15, 2010.

Affected software versions

    * Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh,
      Linux and Solaris operating systems
    * Adobe Flash Player 10.1.95.2 and earlier for Android
    * Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX*
    * Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh*

*Note: Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Adobe
Reader for Android is not affected by this issue.

Mitigations

Adobe Reader and Acrobat 9.x - Windows
Deleting, renaming, or removing access to the authplay.dll file that
ships with Adobe Reader and Acrobat 9.x mitigates the threat for those
products, but users will experience a non-exploitable crash or error message
when opening a PDF file that contains Flash (SWF) content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows
is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll
for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll
for Acrobat.

Adobe Reader 9.x - Macintosh
1) Go to the Applications->Adobe Reader 9 folder.
2) Right Click on Adobe Reader.
3) Select Show Package Contents.
4) Go to the Contents->Frameworks folder.
5) Delete or move the AuthPlayLib.bundle file.

Acrobat Pro 9.x - Macintosh
1) Go to the Applications->Adobe Acrobat 9 Pro folder.
2) Right Click on Adobe Acrobat Pro.
3) Select Show Package Contents.
4) Go to the Contents->Frameworks folder.
5) Delete or move the AuthPlayLib.bundle file.

Adobe Reader 9.x - UNIX
1) Go to installation location of Reader (typically a folder named Adobe).
2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris).
3) Remove the library named "libauthplay.so.0.0.0".
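
The UNIX workaround above as a script that can audit and apply it across hosts. This is an added example, not part of the Adobe or CERT-Renater advisory. The directory layout and library name are taken from the steps above; the function names, the ".disabled" suffix, the status words, and the choice to rename and remove access rather than delete are assumptions of this example.

```shell
# Added example: audit or apply the APSA10-05 workaround for Reader 9.x on UNIX.
# ROOT is the Reader installation location (the folder typically named Adobe).
# Source this file, then run: authplay_status ROOT ; authplay_disable ROOT

AUTHPLAY_LIB="libauthplay.so.0.0.0"     # library name given in the advisory

# authplay_status ROOT -> prints "present", "disabled" or "absent".
# "present" wins: one loadable copy is enough to leave the host exposed.
authplay_status() {
    root=$1
    state="absent"
    for arch in intellinux intelsolaris; do
        dir="$root/Reader9/Reader/$arch/lib"
        if [ -e "$dir/$AUTHPLAY_LIB" ]; then
            echo "present"
            return 0
        fi
        [ -e "$dir/$AUTHPLAY_LIB.disabled" ] && state="disabled"
    done
    echo "$state"
}

# authplay_disable ROOT -> renames the library out of the way and strips its
# permissions. Safe to run repeatedly; returns non-zero if any rename failed.
authplay_disable() {
    root=$1
    rc=0
    for arch in intellinux intelsolaris; do
        lib="$root/Reader9/Reader/$arch/lib/$AUTHPLAY_LIB"
        [ -e "$lib" ] || continue           # nothing to do for this platform
        if mv -f "$lib" "$lib.disabled"; then
            chmod 000 "$lib.disabled"       # also remove access to the renamed copy
            echo "disabled: $lib"
        else
            echo "FAILED: $lib" >&2
            rc=1
        fi
    done
    return $rc
}
```

Renaming keeps the original file on disk so it can be compared against the fixed library once the Reader update is installed. As the advisory notes for Windows, PDF files containing Flash (SWF) content will then produce an error or a non-exploitable crash.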


Severity rating

Adobe categorizes this as a critical issue.


Details

A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier
versions for Windows, Macintosh, Linux and Solaris operating systems;
Adobe Flash Player 10.1.95.2 and earlier versions for Android;
and the authplay.dll component that ships with Adobe Reader 9.4 and
earlier 9.x versions for Windows, Macintosh and UNIX operating systems,
and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and
Macintosh operating systems.

This vulnerability (CVE-2010-3654) could cause a crash and potentially
allow an attacker to take control of the affected system. There are reports
that this vulnerability is being actively exploited in the wild against
Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks
targeting Adobe Flash Player.

Note: Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Mitigation
is available for Adobe Reader and Acrobat 9.x customers as detailed above.
Adobe Reader for Android is not affected by this issue.

We are in the process of finalizing a fix for the issue and expect to provide
an update for Adobe Flash Player 10.x for Windows, Macintosh, Linux and Android
by November 9, 2010. We expect to make available an update for Adobe Reader and
Acrobat 9.4 and earlier 9.x versions during the week of November 15, 2010.

Users may monitor the latest information on the
Adobe Product Security Incident Response Team blog at the following
URL: http://blogs.adobe.com/psirt or by subscribing to the RSS feed here:
http://blogs.adobe.com/psirt/atom.xml.

Adobe actively shares information about this and other vulnerabilities with
partners in the security community to enable them to quickly develop detection
and quarantine methods to protect users until a patch is available. As always,
Adobe recommends that users follow security best practices by keeping their
anti-malware software and definitions up to date.

======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================