Check Point Provides Network Protection Against Multiple Adobe Flash Player Vulnerabilities
(Adobe Security Bulletin APSB11-21)
Summary
Twelve vulnerabilities have been discovered in Adobe's Flash Player application, eight ranked Critical in severity and four ranked High. A remote attacker can exploit any one of these issues to execute arbitrary and potentially malicious code on the targeted system.
Affected Products
Adobe Flash Player 10.3.181.34 and earlier versions are affected by these issues.
Solution
Check Point recommends applying the update described in APSB11-21 to all systems that have Adobe Flash Player installed as soon as is practical. In the meantime, Check Point's IPS Software Blade provides immediate network protection in the latest IPS update by detecting and blocking attempts to exploit these vulnerabilities. The following table lists each vulnerability as well as its severity, standard industry reference, and Check Point protection.
| Flash Player Vulnerability | Severity | Industry Reference | Check Point Protection |
|---|---|---|---|
| BitmapData Memory Corruption | Critical | CVE-2011-2425 | CPAI-2011-397 |
| CFF DefineFont4 GSUB Data Memory Corruption | Critical | CVE-2011-2417 | CPAI-2011-396 |
| ActionScript LoadClip Cross-Site Scripting | Critical | CVE-2011-2139 | CPAI-2011-395 |
| ActionScript Image Scroll Code Execution | Critical | CVE-2011-2138 | CPAI-2011-394 |
| ActionScript3 Integer Overflow | Critical | CVE-2011-2416 | CPAI-2011-393 |
| ActionScript3 Memory Corruption | Critical | CVE-2011-2415 | CPAI-2011-392 |
| ActionScript3 Heap Buffer Overflow | Critical | CVE-2011-2137 | CPAI-2011-391 |
| ActionScript3 Buffer Overflow | Critical | CVE-2011-2136 | CPAI-2011-390 |
| External MP4 Buffer Overflow | High | CVE-2011-2140 | CPAI-2011-389 |
| ActionScript3 Movie Canvas Memory Corruption | High | CVE-2011-2135 | CPAI-2011-388 |
| ActionScript2 Record Out Of Boundary | High | CVE-2011-2414 | CPAI-2011-387 |
| ActionScript3 RegExp Memory Corruption | High | CVE-2011-2134 | CPAI-2011-386 |
Originally Published:
Last Updated: 17-Aug-2011