"This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player."As described at The Register, the Adobe Reader/Acrobat exploit can install a backdoor trojan known as Wisp, which steals sensitive data and installs a backdoor on compromised systems. The vulnerability in Adobe's Flash Player drops two malicious binaries onto Windows machines that open the document files.
Adobe provided mitigations for all platforms of Adobe Reader/Acrobat customers in the Security Advisory. Personally, I prefer to use an alternate PDF reader and have been satisfied with the performance of Sumatra PDF.
Mitigations for Windows users:
"Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.
The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat."
Updates:
An update for Adobe Flash Player is expected by November 9, 2010. Adobe Reader and Acrobat 9.4 are expected to be updated during the week of November 15, 2010.
References:
Critical zero-day vulnerability found in Adobe Flash, Reader, Acrobat
Security Advisory (APSA10-05)
PSIRT Blog: Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat (APSA10-05)
MMPC Encyclopedia: Trojan:Win32/Wisp
Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information,
No comments:
Post a Comment