Palo Alto Networks Discovers Two Critical Vulnerabilities in Adobe Flash and Adobe Shockwave Players
Vulnerabilities Allow Attackers to Execute Code and Take Control of Systems
SUNNYVALE, Calif., Nov. 11, 2011 - Palo Alto Networksthe network security company, today announced that its Threat Research Team was credited with identifying two critical vulnerabilities - CVE-2011-2455 and CVE-2011-2125 - that affect multiple versions of Adobe Flash Player and Adobe Shockwave Player. Both vulnerabilities could lead to the potential execution of malicious code that allows attackers to take control of the system.
Vulnerable systems are susceptible to attacks via a buffer overflow vulnerability in the Dirapix.dll (CVE-2011-2125) or a memory corruption vulnerability (CVE-2011-2455). These vulnerabilities pertain to Adobe Shockwave Player 22.214.171.1240 and earlier Windows and Macintosh versions, Adobe Flash Player 126.96.36.199 and earlier versions for Windows, Macintosh, Linux and Solaris as well as Adobe Flash Player 188.8.131.52 and earlier versions for Android.
These vulnerabilities are the most recent in a long line of discoveries made by Palo Alto Networks Threat Research Team. The team has been credited with discovering several vulnerabilities this year, which brings the team's cumulative total to 16 Adobe Flash vulnerabilities since 2007.
The Palo Alto Networks Threat Research Team
The Palo Alto Networks Threat Research Team is active in the research community, aggressively pursuing both new vulnerability research and alleviation of all types of threats. The team has leveraged its expertise to uncover a string of critical and important vulnerabilities and have then worked with Adobe to make sure users are protected.
Enterprises using legacy security technology increasingly lack visibility into and control of application traffic. Palo Alto Networks' next-generation firewalls are unique in the industry in their ability to see and control applications, users and content - not just ports, IP addresses and packets. Palo Alto Networks' next-generation firewalls enable enterprises to create granular, business-relevant security policies and safely control applications instead of the block-or-nothing approach offered by traditional port-blocking firewalls.
About Palo Alto Networks
Palo Alto Networks is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content - by user, not just IP address - at up to 20Gbps with no performance degradation. Based on patent-pending App-ID technology, Palo Alto Networks firewalls accurately identify and control applications - regardless of port, protocol, evasive tactic or SSL encryption - and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. Most recently, Palo Alto Networks has enabled enterprises to extend this same network security to remote users with the release of GlobalProtect and to combat targeted malware with its WildFire service. For more information, visit www.paloaltonetworks.com.
Palo Alto Networks, "The Network Security Company," the Palo Alto Networks Logo, App-ID, GlobalProtect, and WildFire are trademarks of Palo Alto Networks, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.