
Thread: New 0-day vulnerability in Adobe Flash Player, Reader & Acrobat !

  1. #1
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Hi!

    I got a flash message from SITIC (the Swedish IT-Incident Center): there is a new 0-day vulnerability in Adobe's Flash Player, Reader & Acrobat!

    "
    Security Advisory for Flash Player, Adobe Reader and Acrobat

    Release date: June 4, 2010

    Vulnerability identifier: APSA10-01

    CVE number: CVE-2010-1297

    Platform: All
    Summary

    A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. This advisory will be updated once a schedule has been determined for releasing a fix."

    Adobe - Security Advisories: Security Advisory for Flash Player, Adobe Reader and Acrobat



    Adobe Flash Player, Acrobat Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability

    Security Advisory for Flash Player, Adobe Reader and Acrobat - Adobe Product Security Incident Response Team (PSIRT)

    Yet another reason not to use Adobe PDF-reader...

    There are several other FREE PDF-readers available:
    PDFreaders.org - Get a Free Software PDF reader!

    E.g. Sumatra is working very well; I've used it for several weeks now.
    Last edited by hackerman1; 5th June 2010 at 12:36.

  2. #2
    HappyAndyK's Avatar
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,572


    Ah ha ! Adobe always in the news these days; unfortunately not always for the right reasons!

  3. #3
    optimus's Avatar
    optimus is offline Windows Enthusiast
    Join Date
    Apr 2010
    Posts
    94


    I'm using Sumatra... very nice little programme... thanks to Corrine for guiding me.

  4. #4
    Corrine's Avatar
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961


    In this case, the problem is Adobe Flash more than Adobe/Acrobat Reader. Although the vulnerability can also be vectored through malicious PDF files to invoke Flash, merely replacing Adobe Reader with another PDF reader is not the solution because malicious Flash files are not limited to PDF format.

    Let's see if I can reproduce my recommendations here:

    Reports are that exploitation of the critical vulnerability in Adobe Flash player is growing rapidly. This vulnerability can also be vectored through malicious PDF files to invoke Flash.

    Although Adobe has reported that Flash version 10.1 does not appear to be vulnerable to this attack (available from Adobe Labs), this is a release candidate and not the final version. Of course, that is the option suggested by Adobe but many people prefer not to run beta or RC software on their computer systems. Personally, I prefer to take a different route.

    For people who use Internet Explorer, I recommend disabling Flash with WinPatrol. Merely launch WinPatrol, select the ActiveX tab and click the Shockwave Flash Object. Click Disable and Yes to the WinPatrol warning:



    If you use Firefox, with the NoScript Firefox extension, Flash can be executed only by trusted websites of your choice. However, even with NoScript installed, I recommend disabling the Shockwave Flash plugin:



    I long ago left Adobe Reader behind, uninstalling it from all my computers. I prefer Sumatra PDF. Although the bright yellow background is a bit harsh to my liking, Sumatra PDF is a clean, light-weight PDF reader that just works. It has no undesirable toolbars, does not write to the registry and can be run from an external USB drive. Other open source PDF Readers are available from PDFreaders.org - Get a Free Software PDF reader!.

    From: Adobe Flash/Reader Vulnerability Mitigation Options ~ Security Garden

  5. #5
    MrMBerman's Avatar
    MrMBerman is offline Senior Member
    Join Date
    Mar 2009
    Location
    Tel Aviv / London / Bukidnon
    Posts
    340


    Thank you Corrine and adios Adobe (all products)

  6. #6
    Corrine's Avatar
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961


    The Flash Player update is available. Direct download for IE: http://fpdownload.adobe.com/get/flas..._player_ax.exe

    Direct Download for non-IE (Opera, Firefox etc): http://fpdownload.adobe.com/get/flas...ash_player.exe

    After install, verify Flash Player version for each browser installed at About Flash Player page.

    (Uninstaller of previous version: http://kb2.adobe.com/cps/141/tn_14157.html )
    Last edited by Corrine; 11th June 2010 at 20:32. Reason: Added Non-IE download link
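
An added example, not part of any post in this thread: a small triage script that applies the affected ranges quoted from APSA10-01 in post #1 (Flash Player 10.0.45.2 and earlier, Reader and Acrobat 9.x) to a software inventory, as a way to do the version check suggested above across many machines. The host names, product labels and sample versions are constructed, and "not listed" only means the quoted advisory text does not name that version.

```python
import re

# Newest Flash Player build that APSA10-01 (as quoted in post #1) lists as affected.
LAST_AFFECTED_FLASH = (10, 0, 45, 2)

def parse_version(text):
    """Parse '10.0.45.2', '10,0,45,2' or 'WIN 10,0,45,2' into a 4-tuple of ints."""
    m = re.search(r"(\d+)[.,](\d+)(?:[.,](\d+))?(?:[.,](\d+))?", text)
    if m is None:
        raise ValueError("no version number in %r" % text)
    # Missing trailing components (e.g. '9.3.2') are treated as 0.
    return tuple(int(part or 0) for part in m.groups())

def classify(product, version_text):
    """Return 'affected', 'not listed' or 'unknown' for one inventory row."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"  # unparseable rows need a manual look, not a pass
    if product == "flash":
        return "affected" if version <= LAST_AFFECTED_FLASH else "not listed"
    if product in ("reader", "acrobat"):
        # The advisory names the authplay.dll shipped with Reader/Acrobat 9.x.
        return "affected" if version[0] == 9 else "not listed"
    return "unknown"

# Constructed sample inventory: (host, product, reported version string).
SAMPLE_INVENTORY = [
    ("pc-01", "flash", "WIN 10,0,45,2"),
    ("pc-01", "reader", "9.3.2"),
    ("pc-02", "flash", "10.1.0.0"),
    ("pc-03", "flash", "9.0.262.0"),
    ("pc-04", "acrobat", "8.2.0"),
    ("pc-05", "flash", "not reported"),
]

def triage(inventory):
    """Map (host, product) to its classification."""
    return {(host, product): classify(product, version)
            for host, product, version in inventory}

if __name__ == "__main__":
    for (host, product), status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host, product, status)
```
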

  7. #7
    optimus's Avatar
    optimus is offline Windows Enthusiast
    Join Date
    Apr 2010
    Posts
    94


    Corrine, KIS2011 shows Sumatra PDF reader does not have a proper digital signature... so it alerts it as risky... why is that?

  8. #8
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525


    Hi!

    Sometimes programs do not have a proper digital signature, I've seen that before.
    I don't know why, and also not about Sumatra.
    Even safe, well-known programs are sometimes marked as risky / dangerous by some antivirus programs,
    e.g. Fortinet showed an alert about WinPatrol.

    Btw, a small warning about Fortinet before anyone tries it: it slows down your computer and creates other problems too.
    I tested Fortinet on Vista, but it's probably the same problem also on W7.
    Last edited by hackerman1; 11th June 2010 at 16:19.

  9. #9
    Corrine's Avatar
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961


    Hi, optimus.

    hackerman1 is correct. If KIS has a feedback/submission process, you may want to consider that.

    Note: I updated my earlier post because I forgot to include the download link for non-IE browsers.
