atw: Software vulnerability notification. Worth a read because there is no update yet.
- From: "Warren Lewington" <wjlewington@xxxxxxxxxxx>
- To: <austechwriter@xxxxxxxxxxxxx>
- Date: Sun, 26 Jul 2009 18:51:33 +1000
(1) CRITICAL: Adobe Acrobat/Reader and Adobe Flash Player Remote Code
Execution Vulnerability
Affected:
Adobe Reader 9.1.2
Adobe Acrobat Standard 9.x
Adobe Acrobat Reader 9.x
Adobe Acrobat Professional 9.x
Adobe Flash Player 10.x
Adobe Flash Player 9.x
Description: Adobe Acrobat and Adobe Reader are the most popular software for
creating and viewing Portable Document Format (PDF) files. Adobe Flash
Player is a multimedia application used for viewing animations in web
browsers. There is a vulnerability in Adobe Flash Player and Adobe
Acrobat/Reader which could be triggered by opening a specially crafted
Flash (SWF) file or a PDF file containing a malicious
Flash (SWF) animation. The specific flaw lies in the "flash9f.dll" and
"authplay.dll" modules. Successful exploitation might lead to a
denial-of-service condition or compromise of the affected system. Note that,
depending upon configuration, PDF documents may be opened by the vulnerable
applications upon receipt without first prompting the user. Reports indicate
that this vulnerability is being actively exploited in the wild.
Status: Vendor confirmed, no updates available yet. The vendor will provide
an update for Flash Player v9 and v10 by 30th July 2009 and for Adobe Reader
and Acrobat v9.1.2 by 31st July 2009.