Adobe Security Vulnerability Under Attack

 
 
By Brian Prince  |  Posted 2010-06-05 Print this article Print
 
 
 
 
 
 
 

Adobe Systems is warning users about a zero-day bug affecting Adobe Reader, Flash Player and Acrobat that is actively being exploited by attackers.

According to Adobe, the vulnerability exists in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris, as well as the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Mac and Unix operating systems.

If exploited, the vulnerability (CVE-2010-1297) could cause systems to crash and potentially allow attackers to execute code and take control of the affected system. Users looking for a quick fix can delete, rename or remove access to the authplay.dll file in Adobe Reader and Acrobat 9.x, but doing so means they will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content. The file is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat, according to Adobe.

The Flash Player 10.1 Release Candidate does not appear to be vulnerable, and Adobe Reader and Acrobat 8.x have been confirmed to be unaffected.

The company said it will update the advisory when it has determined a schedule for releasing a patch.

 
 
 
 
del.icio.us | digg.com
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel