Bug 600692 (CVE-2010-1297)

Summary: CVE-2010-1297 acroread, flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: jkoten, jrb, mkasik, stransky, tao
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.adobe.com/support/security/advisories/apsa10-01.html
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-09-25 16:04:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 602582, 602721, 602722    
Bug Blocks:    

Description Jan Lieskovsky 2010-06-05 16:40:29 UTC 
Adobe published an advisory:
  [1] http://www.adobe.com/support/security/advisories/apsa10-01.html

detailing information about one critical vulnerability (from [1]):
===================================================================

A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier
versions for Windows, Macintosh, Linux and Solaris operating systems, and
the  authplay.dll component that ships with Adobe Reader and Acrobat 9.x
for Windows,  Macintosh and UNIX operating systems. This vulnerability 
(CVE-2010-1297) could  cause a crash and potentially allow an attacker to
take control of the affected  system. There are reports that this
vulnerability is being actively exploited in the wild against both Adobe
Flash Player, and Adobe Reader and Acrobat. This advisory will be updated
once a schedule has been determined for releasing a fix.

Affected versions:
==================

Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x
versions for Windows, Macintosh, Linux and Solaris

Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions
for Windows, Macintosh and UNIX

Note:
-----

The Flash Player 10.1 Release Candidate available at http://labs.adobe.com
/technologies/flashplayer10/ does not appear to be vulnerable. 

Adobe Reader and Acrobat 8.x are confirmed not vulnerable.

Mitigation steps:
=================

* Adobe Flash Player

The Flash Player 10.1 Release Candidate available at http://labs.adobe.com
/technologies/flashplayer10/ does not appear to be vulnerable.

* Adobe Reader and Acrobat

Deleting, renaming, or removing access to the authplay.dll file that ships
with Adobe Reader and Acrobat 9.x mitigates the threat for those products,
but users will experience a non-exploitable crash or error message when
opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows
is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll
for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll
for Acrobat.

Red Hat Security Response Team statement:
=========================================

The Red Hat Security Response Team is aware and monitoring progress
on this flaw, cooperating with Adobe Product Security Incident
Response Team and once further information is available regarding
availability of updates, will immediately react to ensure this flaw
will be addressed in a timely manner.
Comment 2 Jan Lieskovsky 2010-06-07 18:46:34 UTC 
Adobe has updated mitigation steps for the issue in acroread:
  [1] http://www.adobe.com/support/security/advisories/apsa10-01.html

Adobe Reader - UNIX
1) Go to installation location of Reader (typically a folder named Adobe)
2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris)
3) Remove the library named "libauthplay.so.0.0.0"
Comment 9 Jan Lieskovsky 2010-06-11 11:22:35 UTC 
This issue affects the versions of the flash-plugin package,
as shipped with Red Hat Enterprise Linux 3, 4, and 5.
Comment 17 errata-xmlrpc 2010-06-11 16:32:16 UTC 
This issue has been addressed in following products:

  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0464 https://rhn.redhat.com/errata/RHSA-2010-0464.html
Comment 20 Jan Lieskovsky 2010-06-15 14:51:28 UTC 
This issue has been addressed in following products:

  Extras for RHEL 3
  Extras for RHEL 4

Via RHSA-2010:0470 https://rhn.redhat.com/errata/RHSA-2010-0470.html
Comment 27 errata-xmlrpc 2010-06-30 17:47:48 UTC 
This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0503 https://rhn.redhat.com/errata/RHSA-2010-0503.html