Adobe Warns of Flash, PDF Zero Day Attack

2010-06-05T03:10:00
ID ADOBE-WARNS-FLASH-PDF-ZERO-DAY-ATTACK-060410/74069
Type threatpost
Reporter Ryan Naraine
Modified 2013-04-17T16:36:49

Description

Adobe issued an alert late Friday night to warn about zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products.

The vulnerability, described as critical, affects Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems.

Related Posts

Firefox to Block Flash in August, Disable in 2017

July 21, 2016 , 4:35 pm

ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks

June 17, 2016 , 6:00 am

Fix Coming for Flash Vulnerability Under Attack

June 14, 2016 , 12:59 pm

It also affects the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems, Adobe said.

From Adobe’s advisory:

This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

The Flash Player 10.1 Release Candidate “does not appear to be vulnerable,” the company said.

Mitigation Guidance

In the absence of a patch, Adobe recommends deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x. This will mitigate the threat but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:Program FilesAdobeReader 9.0Readerauthplay.dll for Adobe Reader or C:Program FilesAdobeAcrobat 9.0Acrobatauthplay.dll for Acrobat.

Adobe Reader and Acrobat 8.x are confirmed not vulnerable.

Adobe security chief Brad Arkin said the company received the first malicious sample around 10:30 AM on Friday. There is no information on when a patch will be available.