Author Topic:  Adobe Reader, Acrobat and Flash Player Vulnerability
Wiz Feinberg


From: Mid-Michigan, USA
Posted 25 Jul 2009 2:12 pm

Adobe Reader, Acrobat and Flash Player Vulnerability

July 23, 2009

US-CERT and other security watchdogs have released a bulletin about new zero-day exploits targeting new vulnerabilities in Adobe Reader and Acrobat. This time the exploits take advantage of Reader and Acrobat allowing embedded Flash content to run when a person opens a .pdf file in Adobe Reader or Acrobat. If that embedded Flash file contains hostile code, it will run under the privileges of the logged-in user.

Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat 9.1.2 and Flash Player 9 and 10. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the security advisory and implement the following workarounds until a fix is available:

* Disable Flash in Adobe Reader 9 on Windows platforms by renaming the following files: "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll" and "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll".

* Disable Flash Player or selectively enable Flash content as described in the Securing Your Web Browser Document.

Adobe's Statement about this vulnerability

Quote:
A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.

We are in the process of developing a fix for the issue, and expect to provide an update for Flash Player v9 and v10 for Windows, Macintosh, and Linux by July 30, 2009 (the date for Flash Player v9 and v10 for Solaris is still pending). We expect to provide an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh and UNIX by July 31, 2009.


As I have mentioned many times before, users operating with reduced user privileges would be less impacted by exploit attacks than those operating as Administrators. Read my latest blog article about how running a PC with reduced user privileges stops 92% of malware (at least for now).
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
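The rename workaround quoted in the post above can be audited, and optionally applied, with a short script. This is an added example, not part of the original post or of the US-CERT or Adobe advisories. The `.disabled` suffix, the `-Apply` switch and the extra `%ProgramFiles(x86)%` root for 64-bit Windows are assumptions, and renaming needs an elevated prompt.

```powershell
# Added example: audit (and with -Apply, perform) the rename workaround for
# authplay.dll and rt3d.dll in Adobe Reader 9 on Windows.
param(
    [switch]$Apply,                  # rename the DLLs instead of only reporting
    [string]$Suffix = '.disabled'    # constructed suffix; any new file name works
)

$dlls = 'authplay.dll', 'rt3d.dll'   # the two files named in the workaround

# %ProgramFiles% comes from the bulletin; the (x86) root is an assumption
# covering a 32-bit Reader install on 64-bit Windows.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

$results = foreach ($root in $roots) {
    $dir = Join-Path $root 'Adobe\Reader 9.0\Reader'
    if (-not (Test-Path -LiteralPath $dir)) { continue }

    foreach ($dll in $dlls) {
        $path = Join-Path $dir $dll
        if (Test-Path -LiteralPath $path) {
            $status = 'ACTIVE'       # Reader can still load the component
        } elseif (Test-Path -LiteralPath "$path$Suffix") {
            $status = 'RENAMED'      # workaround already in place
        } else {
            $status = 'ABSENT'
        }

        if ($Apply -and $status -eq 'ACTIVE') {
            try {
                Rename-Item -LiteralPath $path -NewName "$dll$Suffix" -ErrorAction Stop
                $status = 'RENAMED'
            } catch {
                # Typical causes: not elevated, or Reader is running and holds the file.
                $status = "ACTIVE (rename failed: $($_.Exception.Message))"
            }
        }
        [pscustomobject]@{ File = $path; Status = $status }
    }
}

if (-not $results) {
    Write-Output 'Adobe Reader 9.0 was not found under the checked roots.'
    return
}
$results | Format-Table -AutoSize
# Non-zero exit code when any DLL is still loadable, for use in a compliance sweep.
if ($results | Where-Object { $_.Status -like 'ACTIVE*' }) { exit 1 }
```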

All times are GMT - 8 Hours