The advisory states in part: There are reports of malware attempting to exploit one of the vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform. However, to date, Adobe has not obtained a sample that successfully completes an attack.
Critical vulnerabilities have been identified in Adobe Flash Player 10.2.159.1 and earlier versions (Adobe Flash Player 10.2.154.28 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.2.157.51 and earlier versions for Android. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
Action Required: Ag IT recommends that you update the Adobe Flash Player on your Enterprise machine (or other devices that use Adobe Flash) to mitigate the effects of malicious SWF (Flash) files that you might view in your web browser, Word, or Excel file.
For steps, see our How To Install Updates to Adobe Flash Player, http://agsci.psu.edu/it/how-to/install-updates-to-adobe-flash-player.
Note: If you use multiple browsers, perform the check for each browser you have installed on your computer.
Note: Additional help can be found at Adobe Support:
- Troubleshoot Flash Player installation | Windows
- Troubleshoot Flash Player | Mac OS
- Flash Player doesn't work | Windows 7