Vulnerability Research - Adobe Fixes Download Manager Flaw - eWeek Security Watch
Security Watch
SHARE
Facebook X Pinterest WhatsApp

Adobe Fixes Download Manager Flaw

Written By
Brian Prince
Brian Prince
Feb 24, 2010
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Adobe Systems has issued a patch for a critical vulnerability in its Download Manager feature that could be exploited to potentially hijack Windows machines.

Adobe’s Download Manager is used to push security patches to Windows computers. It is intended for one-time use and removes itself from the computer after the machine is restarted. However, according to Aviv Raff, the security researcher who found the vulnerability, the feature can be abused to force users to download a vulnerable version of an Adobe product. This could be particularly troubling for a user who uninstalls Adobe software because of concerns about a zero-day, Raff argued in a blog post.

“This is not a far-fetched ‘what if,'” Raff wrote. “An attacker can force you to automatically download and install the vulnerable Adobe product, and then exploit the zero-day vulnerability in that product.”

In an advisory, Adobe recommended that users verify that a potentially vulnerable version of the Adobe Download Manager is no longer installed on their machine. From the Adobe advisory:

“Users who have downloaded Adobe Reader for Windows from http://get.adobe.com/reader/ or Adobe Flash Player for Windows from http://get.adobe.com/flashplayer/ prior to the release of this Security Bulletin on February 23, 2010, can verify they are not vulnerable to this Adobe Download Manager issue by following the instructions below:• Ensure that the C:Program FilesNOS folder and its contents (“NOS files”) are not present on your system. (If the folder is present, follow the steps below to remove).• Click “Start” > “Run” and type “services.msc”. Ensure that “getPlus(R) Helper” is not present in the list of services.If the NOS files are found, the Adobe Download Manager issue can be mitigated by:• Navigating to Start > Control Panel > Add or Remove Programs > Adobe Download Manager, and selecting Remove to remove the Adobe Download Manager from your system.OR• Clicking “Start” > “Run” and typing “services.msc”. Then deleting “getPlus(R) Helper” from the list of services.• Then delete the C:Program FilesNOS folder and its contents.“

Those who downloaded Adobe Reader or Adobe Flash Player after Feb. 23 do not need to take any action.
Brian Prince
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information