Executive Summary

Summary
Title: Adobe Flash Vulnerability Affects Flash Player and Other Adobe Products

Information
Name: TA09-204A
First vendor publication: 2009-07-23
Vendor: US-CERT
Last vendor modification: 2009-07-23
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA
 

Security-Database Scoring CVSS v2

CVSS vector:
CVSS base score: Not Defined
Attack range: Not Defined
CVSS impact score: Not Defined
Attack complexity: Not Defined
CVSS exploit score: Not Defined
Authentication: Not Defined

Detail

Adobe has released Security Advisory APSA09-03, which describes a vulnerability affecting Adobe Flash. Other Adobe applications that include the Flash runtime, such as Adobe Reader 9, are also affected.

I. Description

Adobe Security Advisory APSA09-03 describes a vulnerability affecting the Adobe Flash Player. Flash Player version 10.0.22.87 and earlier 10.x versions, as well as Flash Player version 9.0.159.0 and earlier 9.x versions, are affected.
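To triage a software inventory against the two affected ranges stated above, the following added example (not part of the US-CERT alert or Adobe's advisory) compares reported Flash Player builds numerically per branch. The host names, the sample builds and the status labels are constructed for illustration; the only values taken from the alert are the two ceilings.

```python
import re

# Highest affected build per release branch, as stated in the alert text.
AFFECTED_CEILING = {
    10: (10, 0, 22, 87),
    9: (9, 0, 159, 0),
}


def parse_version(raw):
    """Extract a 4-part build from '10.0.22.87' or 'WIN 10,0,22,87'; None if absent."""
    m = re.search(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", raw)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(raw):
    """Classify one reported version string against the alert's affected ranges."""
    version = parse_version(raw)
    if version is None:
        return "unparseable"
    ceiling = AFFECTED_CEILING.get(version[0])
    if ceiling is None:
        # The alert only speaks to the 9.x and 10.x branches.
        return "branch-not-covered"
    # Tuple comparison is numeric per component, so 9.0.16.0 < 9.0.159.0
    # (a plain string comparison would get this wrong).
    return "affected" if version <= ceiling else "above-listed-range"


def triage(inventory):
    """Map host -> classification for a {host: version_string} inventory."""
    return {host: classify(raw) for host, raw in inventory.items()}


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE_INVENTORY = {
    "ws-001": "10.0.22.87",
    "ws-002": "WIN 10,0,12,36",
    "ws-003": "9.0.16.0",
    "ws-004": "9.0.160.0",
    "ws-005": "8.0.24.0",
    "ws-006": "Shockwave Flash",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{SAMPLE_INVENTORY[host]}\t{status}")
```

Hosts reported as "branch-not-covered" or "unparseable" need manual review, since the alert makes no statement about them.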

An attacker could exploit this vulnerability by convincing a user to visit a website that hosts a specially crafted SWF file. The Adobe Flash browser plugin is available for multiple web browsers and operating systems, any of which could be affected. An attacker could also create a PDF document that has an embedded SWF file to exploit the vulnerability.

This vulnerability is being actively exploited.

II. Impact

This vulnerability allows a remote attacker to execute arbitrary code as the result of a user viewing a web page or opening a PDF document.

III. Solution

These vulnerabilities can be mitigated by disabling the Flash plugin or by using the NoScript extension for Mozilla Firefox or SeaMonkey to whitelist websites that can access the Flash plugin.
For more information about securely configuring web browsers, please see the Securing Your Web Browser document. US-CERT Vulnerability Note VU#259425 has additional details, as well as information about mitigating the PDF document attack vector.

Thanks to Department of Defense Cyber Crime Center/DCISE for information used in this document.

Original Source

URL: http://www.us-cert.gov/cas/techalerts/TA09-204A.html