PT-2011-1248 · Adobe+2 · Flash Player+5
Published: 2011-04-11 · Updated: 2026-02-10 · CVE-2011-0611
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Adobe Flash Player versions prior to 10.2.154.27
Adobe AIR versions prior to 2.6.19140
Adobe Reader 9.x versions prior to 9.4.4 and 10.x versions prior to 10.0.1 on Windows, and prior to 10.0.3 on Mac OS X
Adobe Acrobat 9.x versions prior to 9.4.4 and 10.x versions prior to 10.0.3 on Windows and Mac OS X
Description
The issue is related to a buffer overflow in the Authplay.dll library when incompatible data types are used, allowing a remote attacker to execute arbitrary code or cause a denial of service via crafted Flash content, such as a Microsoft Office document with an embedded .swf file containing size inconsistencies, object type confusion, and malicious ActionScript. This issue has been exploited in the wild.
Recommendations
For Adobe Flash Player versions prior to 10.2.154.27, update to version 10.2.154.27 or later.
For Adobe AIR versions prior to 2.6.19140, update to version 2.6.19140 or later.
For Adobe Reader 9.x versions prior to 9.4.4 and 10.x versions prior to 10.0.1 on Windows, and prior to 10.0.3 on Mac OS X, update to the respective fixed versions or later.
For Adobe Acrobat 9.x versions prior to 9.4.4 and 10.x versions prior to 10.0.3 on Windows and Mac OS X, update to the respective fixed versions or later.
As a temporary workaround, consider disabling the use of Flash content in Adobe Reader and Adobe Acrobat until the issue is resolved.
Exploit
Fix
RCE
DoS
Type Confusion
Buffer Overflow
Related identifiers
Affected products
Air
Acrobat
Flash Player
Reader
Office
Red Hat