Products

Services and Support

Threat Center

Visit our Threat Center

Check Point IPS Provides Immediate Network Protection for Multiple Critical Adobe Vulnerabilities

Summary

Adobe has released two Security Bulletins that discuss a number of Adobe Flash, Acrobat, and Reader vulnerabilities. All of these issues could be exploited by a remote attacker to allow execution of arbitrary and potentially malicious code on a targeted system.

Details

Adobe Flash Player is a multimedia and application player that renders Shockwave Flash (SWF) files. Adobe Reader and Acrobat are applications developed by Adobe Systems that are used to view, create, manipulate and manage Portable Document Format (PDF) files.

The following tables list the vulnerabilities discussed by each Adobe Security Bulletin, along with the associated CVE number and Check Point protection.

APSB11-02: Adobe Flash Player

Vulnerability Description	Industry Reference	Check Point Protection
Nvapi.dll library loading issue	CVE-2011-0575	CPAI-2011-026
ActionScript memory corruption	CVE-2011-0561	CPAI-2011-029
ActionScript memory corruption	CVE-2011-0574	CPAI-2011-030
ActionScript integer overflow	CVE-2011-0558	CPAI-2011-031
ActionScript ActionIf Memory Corruption	CVE-2011-0560	CPAI-2011-062
ActionScript ASnative Memory Corruption	CVE-2011-0559	CPAI-2011-058

ABSB11-03: Adobe Acrobat and Reader

Vulnerability Description	Industry Reference	Check Point Protection
d3dref9.dll insecure library loading	CVE-2011-0588	CPAI-2011-027
Insecure library loading by embedded PDF	CVE-2011-0562	CPAI-2011-028
U3D Texture BMP buffer overflow	CVE-2011-0599	CPAI-2011-032
Cross-site scripting via crafted URI action	CVE-2011-0587	CPAI-2011-033
Memory corruption via invalid field flags values	CVE-2011-0589	CPAI-2011-034
Memory corruption via malformed IFF file	CVE-2011-0590	CPAI-2011-035
Integer overflow via malformed ICC data	CVE-2011-0598	CPAI-2011-036
Cross-site scripting via external entity declaration	CVE-2011-0604	CPAI-2011-038
JPEG 2000 Embedded in PDF File Memory Corruption	CVE-2011-0602	CPAI-2011-061
Encoded CCITT Decompression Heap Overflow	CVE-2011-0567	CPAI-2011-060
Image Texture Malformed RGBA File Memory Corruption	CVE-2011-0591	CPAI-2011-059
Image Texture Malformed PSD File Memory Corruption	CVE-2011-0593	CPAI-2011-057
Image Texture Malformed BMP File Memory Corruption	CVE-2011-0592 CVE-2011-0596	CPAI-2011-056

Affected Products

Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris
Adobe Flash Player 10.1.106.16 and earlier versions for Android
Adobe Reader X (10.0) for Windows and Macintosh
Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX
Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh

Solution

The Check Point IPS Software Blade provides network protection against these vulnerabilities in the latest IPS update by detecting and blocking attempts to leverage them. Consult the Check Point Protection links above for more information.

Originally Published:

Last Updated: 08-Mar-2011

Legal Notice for Threat Center Advisories