Saturday, February 11th, 2012 3:42 am

Adobe warns of zero-day vulnerability

Mountain View (ip-192.com): Adobe has warned about new zero-day vulnerabilities in its Acrobat, Flash Player, and Reader products. The unpatched flaws are critical and platform independent: they affect users running Windows, Linux, Solaris, and Macintosh operating systems.

"A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems," says Adobe in its security bulletin. "This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat."

Adobe did not release a timeline for a patch but says that the Flash Player 10.1 Release Candidate (RC) does not appear to be vulnerable. Users can download the RC from the Adobe Labs website.

"Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content," Adobe says. "The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat."
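The rename mitigation Adobe describes can be scripted so it is applied and audited consistently across machines. The PowerShell function below is an added example, not code from Adobe or from this article; the function name `Disable-AuthPlay` and the `.disabled` suffix are assumptions, and the default paths are the two quoted in the bulletin (pass others with `-Path`, for instance on 64-bit Windows where 32-bit applications install under `C:\Program Files (x86)`).

```powershell
# Added example: report on, and optionally rename, authplay.dll for Reader/Acrobat 9.x.
function Disable-AuthPlay {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Default locations quoted in Adobe's bulletin.
        [string[]]$Path = @(
            'C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll',
            'C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll'
        ),
        # Assumed suffix for the renamed file; not taken from the bulletin.
        [string]$Suffix = '.disabled'
    )

    foreach ($file in $Path) {
        $status = 'NotPresent'
        $detail = ''
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            $newName = (Split-Path -Leaf $file) + $Suffix
            $target  = Join-Path (Split-Path -Parent $file) $newName
            if (Test-Path -LiteralPath $target) {
                # The DLL was renamed before and has since been restored,
                # e.g. by an installer repair. Leave both for manual review.
                $status = 'Conflict'
                $detail = "$target already exists"
            }
            elseif ($PSCmdlet.ShouldProcess($file, "Rename to $newName")) {
                try {
                    Rename-Item -LiteralPath $file -NewName $newName -ErrorAction Stop
                    $status = 'Renamed'
                }
                catch {
                    # Typical causes: Reader/Acrobat is running, or no admin rights.
                    $status = 'Failed'
                    $detail = $_.Exception.Message
                }
            }
            else {
                # -WhatIf or a declined -Confirm: the DLL is still loadable.
                $status = 'Present'
            }
        }
        [pscustomobject]@{ Path = $file; Status = $status; Detail = $detail }
    }
}

# Audit only: lists where the DLL is present without changing anything.
Disable-AuthPlay -WhatIf
```

Run it without `-WhatIf` from an elevated prompt to perform the rename. As Adobe notes, PDFs containing SWF content will then produce a crash or error message in Reader and Acrobat.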

Earlier 8.x versions of Adobe Reader and Acrobat are confirmed not vulnerable.
