Adobe has released a security advisory to alert users of a vulnerability affecting the following products:
- Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux, and Solaris
- Adobe Flash Player 10.2.154.18 and earlier versions for Google Chrome users
- Adobe Flash Player 10.1.106.16 and earlier versions for Android
- The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh.
Adobe has indicated that it expects to release a fix for this vulnerability during the week of March 21, 2011. In the interim, users and administrators are encouraged to implement the following workarounds to help reduce the risks.
- Disable Flash in the web browser as described in the Securing Your Web Browser document.
- Disable Flash and 3D & Multimedia support in Adobe Reader 9 and later.
- Prevent Internet Explorer from automatically opening PDF documents.
- Disable the displaying of PDF documents in the web browser.
- Enable DEP in Microsoft Windows.
- Utilize Microsoft EMET to enable runtime mitgations for Microsoft Internet Explorer and Excel.