MA-234.062010: MyCERT Alert -Critical Vulnerabilities in Adobe Flash Player, Adobe Reader and Acrobat Date of publication: 2010-06-05
Updated date: 2010-06-09 1.0 Introduction A critical vulnerability has been identified in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. 2.0 Impact By exploiting this vulnerability, an attacker could execute arbitrary code on vulnerable installations of Adobe Fllash Player, Adobe Reader or Adobe Acrobat and gain the same privilege as the user. This vulnerability could be exploited to install malware on the user's computer. 3.0 Affected Products Products listed below are vulnerable to this vulnerability: Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris
Adobe Flash Player 9.0.262 and earlier versions for Windows, Macintosh, Linux and Solaris
Adobe Reader and Acrobat 9.3.2 and earlier versions for Windows, Macintosh and UNIX 4.0 Recommendation As of the writing of this advisory, Adobe has not released any security patches for this vulnerability. However, users can use the following steps as a temporary workaround: Adobe Flash Player
Upgrade the Flash Player to pre release version, 10.1 Release Candidate that does not appear to be vulnerable. The update is available at the following URL: http://labs.adobe.com/technologies/flashplayer10/ Adobe Reader and Acrobat - Windows
Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader 9.x and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.
The authplay.dll that ships with Adobe Reader 9.x and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat. Adobe Reader 9.x - Macintosh
1) Go to the Applications->Adobe Reader 9 folder.
2) Right Click on Adobe Reader
3) Select Show Package Contents
4) Go to the Contents->Frameworks folder
5) Delete or move the AuthPlayLib.bundle file Acrobat Pro 9.x - Macintosh
1) Go to the Applications->Adobe Acrobat 9 Pro folder.
2) Right Click on Adobe Acrobat Pro
3) Select Show Package Contents
4) Go to the Contents->Frameworks folder
5) Delete or move the AuthPlayLib.bundle file Adobe Reader 9.x- UNIX
1) Go to installation location of Reader (typically a folder named Adobe)
2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris)
3) Remove the library named "libauthplay.so.0.0.0" MyCERT generally advise users of this product to keep themselves updated with the latest security announcements by the vendor. In case the public requires our further information or analysis, please reach us through the following channels: E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: http://www.mycert.org.my
5.0 References
|
