|05 Jun 2010||#1|
| || |
New 0-day vulnerability in Adobe´s Flash Player, Reader & Acrobat
i got a flash-message from SITIC, (the Swedish IT-Incident Center), there is a new 0-day vulnerability in Adobe´s Flash Player, Reader & Acrobat !
info from Adobe:
"Security Advisory for Flash Player, Adobe Reader and Acrobat
Release date: June 4, 2010
Vulnerability identifier: APSA10-01
CVE number: CVE-2010-1297
A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. This advisory will be updated once a schedule has been determined for releasing a fix."
Adobe - Security Advisories: Security Advisory for Flash Player, Adobe Reader and Acrobat
Adobe Flash Player, Acrobat Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability
Security Advisory for Flash Player, Adobe Reader and Acrobat - Adobe Product Security Incident Response Team (PSIRT)
yet another reason not to use Adobe PDF-reader...
there are several other FREE PDF-readers available:
PDFreaders.org - Get a Free Software PDF reader!
fx. Sumatra is working very well, i´ve used it for several weeks now.
|My System Specs|
|06 Jun 2010||#2|
| || |
In this case, the problem is Adobe Flash more than Adobe/Acrobat Reader. Although the vulnerability can also be vectored through malicious PDF files to invoke FLASH, merely replacing Adobe Reader with another PDF reader is not the solution because malicious Flash files are not limited to PDF format. My recommendations: Adobe Flash/Reader Vulnerability Mitigation Options.
|My System Specs|
|Similar help and support threads for2: New 0-day vulnerability in Adobe´s Flash Player, Reader & Acrobat|
|Adobe patches critical security bugs in Flash, Reader, Acrobat||Security News|
|Win 7 64-bit and problems with Adobe Reader/Acrobat||Software|
|Help with Adobe Acrobat Reader magnification||Software|
|Adobe Acrobat Reader Upgrade||System Security|
|Report: Adobe Reader, IE top vulnerability list||System Security|
|Critical vulnerability found in Adobe Flash Player||News|
|Adobe Reader and Acrobat Update 9.1||News|