An unpatched vulnerability has been identified in all current versions of Adobe Flash Player. A patch for the vulnerability is scheduled to be released during the week of March 21. The vulnerability can be exploited if a user opens an Excel file, sent as an e-mail attachment, that has a specially crafted Flash file embedded in it. As always, please caution your customers not to open e-mail attachments that they are not expecting or that are not from individuals they know.
See the following URL for additional information:
Secunia Advisory SA43751
Adobe Flash Player Unspecified Code Execution Vulnerability
Criticality level: Extremely critical
Impact: System access
Where: From remote
A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to an unspecified error. Further information is currently not available.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in versions 10.2.152.33 and prior for Windows, Macintosh, Linux, and Solaris, versions 10.2.154.18 and prior for Chrome, and versions 10.1.106.16 and prior for Android.
NOTE: The vulnerability is reportedly being actively exploited.
Adobe plans to release a fixed version during the week of March 21, 2011.
Provided and/or discovered by
Reported as a 0-day.
Update – March 22
The updated version of Flash is 10.2.153.1.
Updated versions of Flash for Windows and other platforms can be downloaded from http://www.adobe.com/support/security/bulletins/apsb11-05.html
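
To find machines that still need the update, the affected-version ceilings listed in the advisory can be checked against a software inventory. The following is an added example, not part of the original notice or the Secunia advisory; the inventory rows, host names and lowercase platform keys are constructed for illustration.

```python
# Highest affected version per platform, as listed in the advisory above.
AFFECTED_CEILING = {p: "10.2.152.33"
                    for p in ("windows", "macintosh", "linux", "solaris")}
AFFECTED_CEILING.update(chrome="10.2.154.18", android="10.1.106.16")


def parse_version(text):
    """Turn '10.2.152.33' (or the comma form '10,2,152,33') into int fields."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("not a four-part Flash version: %r" % text)
    return tuple(int(p) for p in parts)


def classify(platform, version):
    """Return 'affected', 'not-affected' or 'unknown' for one install."""
    ceiling = AFFECTED_CEILING.get(platform.strip().lower())
    if ceiling is None:
        return "unknown"  # platform not covered by the advisory
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # unparseable version string: review by hand
    # Compare field by field as numbers; a plain string comparison would
    # rank "10.2.152.9" above "10.2.152.33". The ceiling is per platform,
    # so one global threshold would misjudge Chrome and Android.
    return "affected" if installed <= parse_version(ceiling) else "not-affected"


def audit(rows):
    """Attach a verdict to each (host, platform, version) inventory row."""
    return [(host, plat, ver, classify(plat, ver)) for host, plat, ver in rows]


# Constructed sample inventory: (host, platform, reported version).
SAMPLE = [
    ("ws-014", "Windows", "10,2,152,33"),
    ("ws-022", "Windows", "10.2.153.1"),
    ("ws-031", "Chrome", "10.2.154.18"),
    ("mac-07", "Macintosh", "10.2.152.9"),
    ("tab-02", "Android", "10.1.106.16"),
    ("kiosk-1", "Windows", "10.2.x"),
]

if __name__ == "__main__":
    for host, plat, ver, verdict in audit(SAMPLE):
        print("%-8s %-10s %-12s %s" % (host, plat, ver, verdict))
```

Rows that come back as "unknown" are installs the check could not judge and should be reviewed manually rather than treated as safe.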