Adobe.Flash.Player.Tag.Memory.Corruption

Description

The Adobe Flash Player is software for viewing multimedia, Rich Internet Applications and streaming video and audio, on a computer web browser or on supported mobile devices.
A memory corruption vulnerability is identified in the application, which is due to a insufficient data validation while processing a multimedia file. By enticing a user to view a specially crafted media file, an remote can corrupt the memory space of the running process. The exploitation could allow a remote attacker to execute arbitrary code under the context of the running user and perform various payloads ranging from sensitive information retrieval to software installation. This vulnerability was published in Common Vulnerabilities and Exposures List. (CVE-2011-0607)
Adobe has released version 10.1.102.64 to address this issue.

Affected Products

Adobe Flash Player before 10.1.102.64

Impact

The vulnerable system can be compromised by a remote attacker to retrieve content or change application configuration on the system so that there is a risk of creating a denial of service scenario ,exposing sensitive information or executing arbitrary code.

Recommended Actions

Please update to version 10.1.102.64.
For FortiGate IPS user, turning IPS signature Adobe.Flash.Player.Tag.Memory.Corruption can prevent exploitation of this vulnerability.

References