March 15, 2011

New 0-day Vulnerability in Adobe Flash Player (CVE-2011-0609)

Elad Sharf Security Researcher

Websense® Security Labs™ has received reports of a new zero-day exploit that targets Adobe Flash Player (CVE-2011-0609). The vulnerability can potentially allow an attacker to execute malicious code on a targeted machine and has been spotted in a limited number of targeted attacks. The targeted attacks employed an Excel file with an embedded vulnerable Flash file (.swf) with the aim of executing unsolicited malicious code on the targeted machines.


The security advisory released by Adobe marks the vulnerability as "critical" and it affects all the latest versions of Adobe Flash Player. The vulnerability also exists in Adobe Acrobat Reader and Adobe Acrobat Reader X as the vulnerable DLL file "authplay.dll" is also shipped with those versions. However, Adobe Acrobat X can mitigate this kind of vulnerability from executing, thanks to its sandbox functionality - so in that respect, it's highly recommended to upgrade to that version if possible. 

Adobe plans to patch this vulnerability with an update to Flash Player that will be available for all platforms on the 21st of March. 

Currently, we're not seeing any wide-spread attacks in the wild that utilize this vulnerability, much of that is because the exploit details aren't publicly disclosed, but we're monitoring the situation and will keep you updated as related events unfold.

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.