Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Adobe Reader browse-and-get-pwned 0day under attack

28 Oct 2010   #1

Arch Linux 64-bit
 
 
Adobe Reader browse-and-get-pwned 0day under attack

Quote:
Adobe has confirmed reports that yet another unpatched vulnerability in the latest versions of its ubiquitous software is being actively exploited to infect end users with data-stealing malware.

The vulnerability exists in Adobe's Reader document viewer and Flash Media Player for Windows, OS X and Unix operating systems, Adobe warned on Thursday. According to independent researchers, it is being exploited in the wild against Reader for Windows to install a nasty trojan known as Wisp, which according to Microsoft, steals sensitive user data and installs a backdoor on compromised systems.
...
Adobe Reader browse-and-get-pwned 0day under attack • The Register

My System SpecsSystem Spec
.

28 Oct 2010   #2

Windows 7
 
 

Does Adobe have any solution other than to wait and worry?

I believe I just had a Flash update this past two weeks
My System SpecsSystem Spec
28 Oct 2010   #3

Windows 7 Ultimate x86
 
 

Good thing I don't use the reader anymore. I just wish there was a safe alternative for the flash player (others than download the flash clip and use an external player)
My System SpecsSystem Spec
.


29 Oct 2010   #4

Windows 7 & Windows Vista Ultimate
 
 

Quote   Quote: Originally Posted by mr pc View Post
Does Adobe have any solution other than to wait and worry?
Yes, for what it is worth, Adobe provided Mitigations, with the following for Windows users:
Quote:
"Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat."
My System SpecsSystem Spec
29 Oct 2010   #5

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

About two weeks for the fix...maybe

Quote:
Adobe said it expects to have a patch for Flash Player by November 9, 2010 and update for Adobe Reader and Acrobat 9.x during the week of November 15, 2010.
My System SpecsSystem Spec
29 Oct 2010   #6

Windows 7 Professional 64 Bit SP1
 
 

I disabled both the reader and flash player in Firefox addons panel, would that have the same effect, or would the exploit still be able to abuse them?

Quote   Quote: Originally Posted by Corrine View Post
Quote   Quote: Originally Posted by mr pc View Post
Does Adobe have any solution other than to wait and worry?
Yes, for what it is worth, Adobe provided Mitigations, with the following for Windows users:
Quote:
"Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat."
My System SpecsSystem Spec
29 Oct 2010   #7

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Quote   Quote: Originally Posted by Rei Tumult View Post
I disabled both the reader and flash player in Firefox addons panel, would that have the same effect, or would the exploit still be able to abuse them?
It would probably be on the safe side to disable it in the fix posted above. You can just navigate to the file authplay.dll and rename it to something else, like authplay.old or aothploy.dll. You'll need to be signed on as an admin to make this change.

Quote:
In the interim, the company suggests that affected users delete, rename or remove access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x.
This mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.
My System SpecsSystem Spec
Reply

 Adobe Reader browse-and-get-pwned 0day under attack




Thread Tools



Similar help and support threads for2: Adobe Reader browse-and-get-pwned 0day under attack
Thread Forum
What's the Meaning of This: Adobe Certificate Attack Security News
Adobe Reader Browsers & Mail
Adobe warns of new Flash Player zero-day attack Security News
New Adobe Flash Attack -Fix is out News
Adobe Confirms New Adobe Reader Zero-Day Bug News
Adobe Reader 9.3 Software
Adobe Reader vuln hit with unusually advanced attack. Security News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:46 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33