MULTI-STATE INFORMATION SHARING AND ANALYSIS CENTER CYBER SECURITY ADVISORY

MULTI-STATE INFORMATION SHARING AND ANALYSIS CENTER CYBER SECURITY ADVISORY
 

MULTI-STATE INFORMATION SHARING AND ANALYSIS CENTER CYBER SECURITY ADVISORY

 

MS-ISAC ADVISORY NUMBER:

2013-059

 

DATE ISSUED:

05/11/2013

 

SUBJECT:

Vulnerabilities in Adobe Flash Player Could Allow For Remote Code Execution (APSB13-16)

 

OVERVIEW:

Vulnerabilities have been discovered in Adobe Flash Player that could allow an attacker to take control of the affected system. Adobe Flash Player is a multimedia application for multiple platforms.

 

Successful exploitation could result in an attacker executing code on the vulnerable system. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts will likely cause denial-of-service conditions.

 

SYSTEMS AFFECTED:

 

·        Flash Player 11.7.700.202 and earlier versions for Windows      

·        Flash Player 11.7.700.203 and earlier versions for Macintosh

·        Flash Player 11.2.202.285 and earlier for Linux

·        Flash Player 11.1.115.58 and earlier for Android 4.x

·        Flash Player 11.1.111.54 and earlier for Android 3.x and 2.x

 

RISK:

 

Government:

 

·        Large and medium government entities: High

·        Small government entities: High

 

Businesses:

 

·        Large and medium business entities: High

·        Small business entities: High Home users: High

 

DESCRIPTION:

 

Adobe Flash Player is prone to vulnerabilities that could allow for remote code execution. The update provided by Adobe resolves thirteen memory corruption vulnerabilities that could lead to remote code execution.

 

Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

 

RECOMMENDATIONS:

 

We recommend the following actions be taken:

 

·        Update Adobe Flash Player on vulnerable systems immediately after testing.

·        Users of Flash Player 11.7.700.202 and earlier versions for Windows Update to version 11.7.700.224         

·        Users of Flash Player 11.7.700.203 and earlier versions for Macintosh Update to version  11.7.700.225         

·        Users of Flash Player 11.2.202.285 and earlier for Linux Update to version 11.2.202.29

·        Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

·        Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.

·        Inform and educate users regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.

 

REFERENCES:

 

Adobe:

 

http://www.adobe.com/support/security/bulletins/apsb13-16.html

 

CVE:

 

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3343

 

Multi-State Information Sharing and Analysis Center Center for Internet Security

31 Tech Valley Drive, Suite 2

East Greenbush, NY 12061

(518) 266-3460

1-866-787-4722

soc@msisac.org

 

TLP:WHITE

Traffic Light Protocol (TLP): WHITE information may be distributed without restriction, subject to copyright controls.

http://www.us-cert.gov/tlp/

 

 

Shared from Google Keep

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s