Adobe Flash contains a vulnerability in authplay.dll when handling crafted flash content. Successful exploitation could cause denial of service conditions (i.e. application crash) or arbitrary code execution. Adobe Flash is embedded within Adobe Reader and Adobe Acrobat, and they are also vulnerable. There are reports of this vulnerability being actively exploited in-the-wild. A patch was released for Adobe Flash however the vulnerability still exists in Adobe Reader and Adobe Acrobat.
Reader/Acrobat 9.4 and prior 9.x versions for Windows, Mac OS X, and UNIX.
BeyondTrust Prevention and Detection:
- BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- Retina Audit ID 13695 - Adobe Reader/Acrobat Embedded Flash Content Vulnerability (Zero-Day) - UNIX
Apply appropriate vendor patches.