Follow GFI:
Find us on Facebook Follow us on Twitter Find us on Linkedin Subscribe to our RSS Feed Find us on YouTube Find us on Google+
 

New Adobe vuln in Reader and Flash Player

on July 23, 2009

Adobe is reporting yet another “potential vulnerability” affecting Adobe Reader and Acrobat 9.1.2 and Flash Player 9 and 10 and is “investigating this potential issue.” (their blog post here.)

Malicious Flash files can be embedded in PDF documents which can be executed by vulnerable copies of Adobe Reader. Exploits also can be executed by the Flash player directly. A small number of exploits has been reported in the wild. A fix is expected by the end of July.

US-CERT has posted workarounds:
Disable Flash in Adobe Reader 9 on Windows platforms by renaming the following files: “%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll” and “%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll”.

Disable Flash Player or selectively enable Flash content. CERT offers a document on securing your web browser here.

Tom Kelchner

submit to reddit