OS/Platform/Application:

Adobe Flash Player

(on Windows systems using Internet Explorer only)

Category: ALERT
Severity: HIGH
Attention: Adobe Products Users, System Administrators, Desktop Support Personnel

Summary: Adobe systems has released a security advisory that details a new vulnerability in its popular Flash Player application.  The vulnerability only affects Windows machines using Internet Explorer as the current web browser.  The most likely mechanism of exploitation is the opening of a maliciously-crafted PDF file or browsing of a maliciously-crafted web page.  Successful exploitation could result in complete takeover of a vulnerable computer. 

Recommended Actions: At the time of this writing (7:50 AM 7/29/09) No patch has been made available from the vendor.   Adobe is stating that a fix for this issue (and also for other vulnerabilities in Acrobat, Reader, and Flash Player) is scheduled for release on July 30 2009. 

Readers are encouraged not to follow website links from untrusted resources or to view unknown or untrusted websites until the fix has been installed on their systems.  Users may use an alternative (non Internet Explorer) web browser to mitigate this threat.  Users are highly encouraged to read the security advisory below and to install the patches for Flash Player as well as Acrobat and Reader when they are made available from Adobe Systems on July 30.

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: N/A

Resources:

Adobe Security Advisory:
http://www.adobe.com/support/security/advisories/apsa09-04.html

ALARM Alert 072309-02 (provides information on other recent Adobe advisories and proposed fix schedule):
http://www.albany.edu/its/alerts_archive_2009_4059.htm

Adobe Products Download Page:
http://www.adobe.com/products/