IBM Security Server Protection for Windows, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, RealSecure Server Sensor, RealSecure Network, Proventia Desktop, Proventia Network IPS, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:
This event looks for the transfer of a compound file (for instance, a Microsoft Office document) that appears to embed a SWF file that creates another SWF file. This represents a suspicious condition which may be used to obfuscate an attack.
High
IBM Security Server Protection for Windows: 2.1.14.2625, Proventia Network MFS: XPU 31.031, Proventia-G 1.1 and earlier: XPU 31.031, Proventia Network IDS: XPU 31.031, RealSecure Server Sensor: XPU 31.031, RealSecure Network: XPU 31.031, Proventia Desktop: 2625, Proventia Network IPS: XPU 31.031, Proventia Server IPS for Linux technology: 31.031, Virtual Server Protection for VMware: XPU 31.031
Sun Solaris: 10, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, Adobe Flash Player: 10.0.12.10, Adobe Flash Player: 10.0.0.584, Adobe Flash Player: 10.0.12.36, Adobe Acrobat: 9.0 Standard, Adobe Acrobat: 9.0, Adobe Reader: 9.0, Adobe Reader: 9.1, Adobe Acrobat: 9.1, Adobe Reader: 9.1.1, Adobe Acrobat: 9.1.1, Adobe Acrobat: 9.0.0, Adobe Acrobat: 9.1 Standard, Adobe Acrobat: 9.1.2, Adobe Reader: 9.1.2, Adobe Flash Player: 10.0.22.87, Adobe Acrobat: 9.1.3, Adobe Reader: 9.1.3, Adobe Flash Player: 10.0.32.18, Adobe Acrobat: 9.2, Adobe Reader: 9.2, Adobe Reader: 9.3.1, Adobe Acrobat: 9.3, Adobe Acrobat: 9.3.1, Adobe Reader: 9.3.2, Adobe Acrobat: 9.3.2, Adobe Reader: 9.3.3, Adobe Acrobat: 9.3.3, Adobe Reader: 9.3.4, Adobe Acrobat: 9.3.4, Adobe Acrobat: 9.4, Adobe Reader: 9.4, Adobe Flash Player: 10.1.85.3, Adobe Flash Player: 10.1.95.2, Adobe Flash Player: 10.1.102.64, Google Chrome: 10.0.648.82, Adobe Flash Player: 10.2.154.13, Adobe Flash Player: 10.2.152.33, Adobe Flash Player: 10.2.152.21, RedHat Enterprise Linux Server Supplementary: 6, RedHat Enterprise Linux Workstation Supplementary: 6, RedHat Enterprise Linux Desktop Supplementary: 6
Unauthorized Access Attempt
Adobe Flash Player, as bundled in multiple products, could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability in the Flash Player authplay.dll component. By persuading a victim to open a specially crafted Flash (.swf) file embedded in a Microsoft Excel (.xls) file, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system or cause the application to crash.
Refer to APSA11-01 for patch, upgrade or suggested workaround information. See References.
For other distributions:
Apply the appropriate update for your system. See References.
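The condition this event describes (a compound file that embeds a SWF which in turn carries another SWF) can be approximated offline with a byte-level triage check. The following is an added example, not IBM's signature logic or code from this page; the function names, the size cap, the accepted SWF version range and the sample buffer are all assumptions made for illustration.

```python
import struct
import zlib

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # compound file signature
MAX_SIZE = 16 * 1024 * 1024                    # assumed cap on SWF size / inflate output


def find_swf(buf, start=0):
    """Yield (offset, body) for each plausible SWF header found in buf."""
    for magic in (b"FWS", b"CWS"):             # plain / zlib-compressed SWF
        pos = buf.find(magic, start)
        while pos != -1:
            hdr = buf[pos:pos + 8]
            if len(hdr) == 8 and 1 <= hdr[3] <= 50:          # assumed version range
                length = struct.unpack("<I", hdr[4:])[0]     # declared uncompressed size
                if 8 < length <= MAX_SIZE:
                    body = buf[pos + 8:pos + length]
                    if magic == b"CWS":
                        try:
                            body = zlib.decompressobj().decompress(buf[pos + 8:], MAX_SIZE)
                        except zlib.error:
                            body = None                      # not a real zlib stream
                    if body:
                        yield pos, body
            pos = buf.find(magic, pos + 1)


def inspect(data):
    """Classify bytes as not-compound, clean, embedded-swf or nested-swf."""
    if not data.startswith(OLE_MAGIC):
        return "not-compound"
    verdict = "clean"
    for _, body in find_swf(data, len(OLE_MAGIC)):
        verdict = "embedded-swf"
        if next(find_swf(body), None) is not None:
            return "nested-swf"                # a SWF carried inside the embedded SWF
    return verdict


def make_sample(nested):
    """Build a constructed test buffer: compound-file magic plus one CWS blob."""
    inner = b"FWS\x09" + struct.pack("<I", 24) + bytes(16)
    body = bytes(32) + (inner if nested else b"")
    outer = b"CWS\x0a" + struct.pack("<I", 8 + len(body)) + zlib.compress(body)
    return OLE_MAGIC + bytes(504) + outer


if __name__ == "__main__":
    for nested in (False, True):
        print(nested, inspect(make_sample(nested)))
```

A raw byte scan does not follow the compound file's sector chains, so a stream that is fragmented across non-contiguous sectors can be missed; treat a "clean" result as triage only, not as proof the document is safe.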
APSA11-01
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-01.html
Google Chrome Releases Web site
Stable and Beta Channel Updates
http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html
IBM Security Solutions Protection Alert
Adobe Flash Player authplay.dll code execution
http://www.iss.net/threats/417.html
Offensive Security Exploit Database [03-23-2011]
Adobe Flash Player AVM Bytecode Verification
http://www.exploit-db.com/exploits/17027/
Sun Security Blog, Aug 16, 2011
CVE-2005-1740 Vulnerability in Net-snmp
http://blogs.oracle.com/sunsecurity/entry/cve_2005_1740_vulnerability_in
ISS X-Force
Adobe Flash Player authplay.dll code execution
http://www.iss.net/security_center/static/66078.php
CVE
CVE-2011-0609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0609