News

Adobe warns of Flash Player zero-day exploit via Word document

SearchSecurity.com Staff

Adobe Systems Inc. has issued a security advisory notifying users of a serious Flash Player zero-day exploit that could be used by attackers to gain complete control of a system. The software maker warns that ongoing

    Requires Free Membership to View

attacks are spreading using a malicious Microsoft Word document.  

The flaw affects Adobe Flash Player for Windows, Macintosh, Linux and Solaris as well as Flash Player for Android and Chrome users. In the security advisory issued Monday, Adobe said the vulnerability could cause a crash, setting up a condition that could potentially allow an attacker to execute malicious code on an affected system. 

In addition a component in Adobe Reader and Acrobat X for Windows, Macintosh and Unix systems contains a vulnerability, Adobe said. The issue is in the Windows Authplay.dll component shipping with the latest version of Adobe Reader and Acrobat X.

“There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment,” Adobe said. “At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat.”

Adobe said the threat to Reader X users is significantly lower because this issue does not bypass Adobe Reader Protected Mode.

Adobe has not ruled out an out-of-band update to fix the vulnerabilities. Engineers are still testing an update to Flash Player for Windows, Macintosh, Linux, Solaris and Android. The company is also still readying an update for Adobe Reader and Acrobat.

Adobe Reader X for Windows will be updated during the next quarterly security update  scheduled for June 14.

Adobe’s last official update was March 21, when it repaired a Flash Player vulnerability being targeted by attackers using Microsoft Excel files. Adobe also repaired a security problem that affects the authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: