The latest variant of Adobe's Flash Player has two serious security holes

Dec 9, 2011 15:18 GMT

The U.S. Computer Emergency Readiness Team (US-CERT) and the National Institute of Standards and Technology (NIST) found two critical vulnerabilities in the latest version of Adobe’s Flash Player that could allow remote attackers to execute arbitrary code using a maliciously crafted SWF file.

According to an advisory, Adobe Flash Player 11.1.102.55 for Windows and Mac OS X is susceptible to such an attack.

A group of researchers from Intevydis found the bugs with the aid of their VulnDisco Step Ahead, a piece of software designed to help companies discover security flaws in their systems.

Adobe’s position on the issue is not yet known, but Intevydis CEO Eugene Legerov says that the exploit bypasses DEP and ASLR and works on browsers such as Firefox, Chrome and Internet Explorer.