Critical Flaw in Adobe Flash, Reader and Acrobat
GSA Reference Number: AD100607-01
Simply Put: Adobe has released an advisory for a critical vulnerability in Adobe Flash. Adobe Reader and Acrobat are also exploitable through the authplay.dll component included with Adobe Reader and Acrobat 9.x. This vulnerability can lead to remote code execution and is already being targeted by malware authors. No patch is available at this time. However, Adobe has provided workarounds in its advisory.
Attack Details: This vulnerability exists in Flash Player 10.0.45.2 and earlier and in authplay.dll shipped with Adobe Reader and Acrobat 9.x. Adobe Reader and Acrobat 8.x are not vulnerable. An attacker could exploit this vulnerability by tricking a user into opening a specially crafted PDF file with Flash content or by visiting a malicious website with a specially crafted Flash file. Further attack details can be found in the Adobe bulletin.
Countermeasures: Adobe has not released a patch for this vulnerability. However, Adobe has provided some workarounds. Adobe Flash Player 10.1 Release Candidate is not vulnerable. The download location is in the Adobe bulletin. Be aware that a release candidate is not a final version of a product and may have bugs or other vulnerabilities. To mitigate the Reader and Acrobat vulnerability, users can rename or remove the authplay.dll file, typically found at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat. This disables Flash support inside PDF files. Adobe is currently working on an official patch.
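The following PowerShell script is an added example, not part of the Adobe bulletin or this advisory, that applies the documented workaround: it looks for authplay.dll at the two install paths named above, records the file's version, and renames the file so Reader and Acrobat 9.x no longer execute Flash content inside PDFs. It also includes a helper that tests a Flash Player version string against the 10.0.45.2 threshold from the advisory. Install paths other than the two listed, and the source of the Flash version string you pass to the helper (for example the FileVersion of the Flash Player plugin DLL on a host), are assumptions that must be verified per host; the script must be run from an elevated shell.

```powershell
# Added example: implements the authplay.dll workaround for AD100607-01.
# The two paths below are the ones given in the advisory; any other
# location is an assumption to be confirmed on the host.

# Flash Player 10.0.45.2 and earlier are affected per the advisory.
$LastVulnerableFlash = [version]'10.0.45.2'

function Test-FlashVersionVulnerable {
    param([Parameter(Mandatory = $true)][string]$FileVersion)
    # [version] accepts 2- to 4-part strings; anything at or below the
    # advisory's threshold is in the affected range.
    return ([version]$FileVersion -le $LastVulnerableFlash)
}

function Disable-AuthplayDll {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string[]]$Paths = @(
            'C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll',
            'C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll'
        )
    )
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Verbose "Not present: $p"
            continue
        }
        # Capture the DLL's version before renaming, for the change record.
        $ver    = (Get-Item -LiteralPath $p).VersionInfo.FileVersion
        $target = "$p.disabled"
        if ($PSCmdlet.ShouldProcess($p, "Rename to $target")) {
            Rename-Item -LiteralPath $p -NewName (Split-Path -Leaf $target)
            [pscustomobject]@{
                Path        = $p
                FileVersion = $ver
                RenamedTo   = $target
            }
        }
    }
}

# Preview the change first, then apply it:
#   Disable-AuthplayDll -WhatIf
#   Disable-AuthplayDll -Verbose
#
# Check a Flash Player version string against the advisory threshold:
#   Test-FlashVersionVulnerable -FileVersion '10.0.45.2'   # True (affected)
#   Test-FlashVersionVulnerable -FileVersion '10.1.53.64'  # False
```

Renaming rather than deleting keeps the original file available, so restoring Flash-in-PDF support after the official patch ships is a matter of renaming it back. Because the rename uses SupportsShouldProcess, `-WhatIf` shows exactly which files would be touched before anything changes.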
Reference Links:
- Adobe Bulletin (http://www.adobe.com/support/security/advisories/apsa10-01.html)
- Krebs on Security Blog (http://krebsonsecurity.com/2010/06/adobe-warns-of-critical-flaw-in-flash-acrobat-reader/)
- SANS ISC Diary Entry (http://isc.sans.edu/diary.html?storyid=8911)