Vulnerabilities / Threats
9/14/2010
01:39 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Adobe Facing Two Zero-Day Vulnerabilities

A warning on Monday about a vulnerability affecting Flash, Acrobat, and Reader echoes another software flaw disclosed last week.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full photo gallery)
Adobe on Monday warned that a critical vulnerability in the most current version of its Flash Player is being actively exploited on Windows computers.

Adobe's Reader and Acrobat software are also affected by this vulnerability but the company said that it isn't aware of active attempts to exploit the flaw in either of these two programs at the moment.

"This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in an e-mail.

The vulnerable software includes: Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android; Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh.

Adobe said that it plans to release a patch to address the flaw in its Flash Player software during the week of September 27, 2010. Fixes for its Reader and Acrobat software are planned for the week of October 4, 2010.

This marks the second zero-day vulnerability affecting Adobe's Acrobat and Reader software. On Wednesday, Adobe warned about a different bug affecting Acrobat and Reader. This vulnerability (CVE-2010-2883) also could cause a crash and also is being actively exploited.

Affected software includes: Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh.

Adobe plans to deliver a fix for CVE-2010-2883 during the week of October 4, 2010, with the other fix for Acrobat and Reader.

In March, security company F-Secure said that Acrobat/Reader was the application that was most frequently targeted by malware in 2009.

Adobe is planning to add a security "sandbox" to the next major Windows release of its Reader software later this year.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4233
Published: 2015-07-02
SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu54037.

CVE-2014-1750
Published: 2015-07-01
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as cross-sit...

CVE-2014-1836
Published: 2015-07-01
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

CVE-2015-0848
Published: 2015-07-01
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

CVE-2015-1330
Published: 2015-07-01
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vecto...

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report