Adobe Systems has issued a patch for a critical vulnerability in its Download Manager feature that could be exploited to potentially hijack Windows machines.
Adobe’s Download Manager is used to push security patches to Windows computers. It is intended for one-time use and removes itself from the computer after the machine is restarted. However, according to Aviv Raff, the security researcher who found the vulnerability, the feature can be abused to force users to download a vulnerable version of an Adobe product. This could be particularly troubling for a user who uninstalls Adobe software because of concerns about a zero-day, Raff argued in a blog post.
“This is not a far-fetched ‘what if,’” Raff wrote. “An attacker can force you to automatically download and install the vulnerable Adobe product, and then exploit the zero-day vulnerability in that product.”
In an advisory, Adobe recommended that users verify that a potentially vulnerable version of the Adobe Download Manager is no longer installed on their machine. From the Adobe advisory:
“Users who have downloaded Adobe Reader for Windows from http://get.adobe.com/reader/ or Adobe Flash Player for Windows from http://get.adobe.com/flashplayer/ prior to the release of this Security Bulletin on February 23, 2010, can verify they are not vulnerable to this Adobe Download Manager issue by following the instructions below:

• Ensure that the C:\Program Files\NOS folder and its contents (“NOS files”) are not present on your system. (If the folder is present, follow the steps below to remove).
• Click “Start” > “Run” and type “services.msc”. Ensure that “getPlus(R) Helper” is not present in the list of services.

If the NOS files are found, the Adobe Download Manager issue can be mitigated by:

• Navigating to Start > Control Panel > Add or Remove Programs > Adobe Download Manager, and selecting Remove to remove the Adobe Download Manager from your system.

OR

• Clicking “Start” > “Run” and typing “services.msc”. Then deleting “getPlus(R) Helper” from the list of services.
• Then delete the C:\Program Files\NOS folder and its contents.”
Those who downloaded Adobe Reader or Adobe Flash Player after Feb. 23 do not need to take any action.
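The two verification checks from the advisory can be scripted for administrators who need to run them across many machines. The following read-only PowerShell sketch is an added example, not code from Adobe or from Raff; the function name is hypothetical, and the extra check under the 32-bit Program Files root on 64-bit Windows is an assumption that goes beyond the single path the advisory names.

```powershell
# Added example: read-only check for Adobe Download Manager remnants.
# The folder name (NOS) and service display name come from the advisory quoted above.
# Test-AdobeDownloadManagerRemnant is a hypothetical function name.
function Test-AdobeDownloadManagerRemnant {
    $serviceDisplayName = 'getPlus(R) Helper'

    # The advisory names C:\Program Files\NOS. Also checking the (x86) root is an
    # assumption for 64-bit Windows, where 32-bit software installs separately.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique

    $findings = @()

    foreach ($root in $roots) {
        $nosPath = Join-Path $root 'NOS'
        if (Test-Path -LiteralPath $nosPath -PathType Container) {
            # Count the files so the report shows whether "NOS files" remain.
            $files = @(Get-ChildItem -LiteralPath $nosPath -Recurse -Force `
                        -ErrorAction SilentlyContinue |
                       Where-Object { -not $_.PSIsContainer })
            $findings += [pscustomobject]@{
                Type   = 'Folder'
                Name   = $nosPath
                Detail = "$($files.Count) file(s) present"
            }
        }
    }

    # Same check as looking through services.msc by display name.
    $services = @(Get-Service -DisplayName $serviceDisplayName -ErrorAction SilentlyContinue)
    foreach ($svc in $services) {
        $findings += [pscustomobject]@{
            Type   = 'Service'
            Name   = $svc.DisplayName
            Detail = "ServiceName=$($svc.Name); Status=$($svc.Status)"
        }
    }

    return $findings
}

$result = @(Test-AdobeDownloadManagerRemnant)
if ($result.Count -eq 0) {
    Write-Output 'No NOS folder or getPlus(R) Helper service found.'
} else {
    $result | Format-Table -AutoSize
}
```

The script only reports; removal still follows the steps in the advisory.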