ITSS-Advisory : MEDIUM : Adobe : Flash Player : Arbitrary Code Execution

THREAT LEVEL
============
Medium.

INFORMATION
===========
On 22 July 2009, Adobe released a bulletin describing a vulnerability in
Adobe Flash Player software. Accessing a maliciously crafted file could
result in arbitrary code execution on an affected system.

Adobe Flash files may be accessed by browsing to a website or via an
application such as Adobe Reader or Adobe Acrobat.

At present, there is no known official fix for this vulnerability. Adobe
estimates a fix for this vulnerability to be available around 30 July 2009.

More information is available at:
[http://www.adobe.com/support/security/advisories/apsa09-03.html]
[http://www.kb.cert.org/vuls/id/259425]

This vulnerability is currently being actively exploited.

AFFECTED PLATFORMS
==================
Computers of various operating systems running:
- Adobe Flash Player versions 9.0.159.0 and prior or 10.0.22.87 and prior
- Adobe Acrobat and Adobe Reader version 9.x

ACTION
======
Please advise users to exercise caution before browsing to websites or
accessing PDF files. Administrators should evaluate the effectiveness,
implementation and possible "undoing" of the mitigation measures described
in the bulletins before implementing any mitigation measures.