Vulnerabilities / Threats
9/14/2010
01:39 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Adobe Facing Two Zero-Day Vulnerabilities

A warning on Monday about a vulnerability affecting Flash, Acrobat, and Reader echoes another software flaw disclosed last week.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full photo gallery)
Adobe on Monday warned that a critical vulnerability in the most current version of its Flash Player is being actively exploited on Windows computers.

Adobe's Reader and Acrobat software are also affected by this vulnerability but the company said that it isn't aware of active attempts to exploit the flaw in either of these two programs at the moment.

"This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in an e-mail.

The vulnerable software includes: Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android; Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh.

Adobe said that it plans to release a patch to address the flaw in its Flash Player software during the week of September 27, 2010. Fixes for its Reader and Acrobat software are planned for the week of October 4, 2010.

This marks the second zero-day vulnerability affecting Adobe's Acrobat and Reader software. On Wednesday, Adobe warned about a different bug affecting Acrobat and Reader. This vulnerability (CVE-2010-2883) also could cause a crash and also is being actively exploited.

Affected software includes: Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh.

Adobe plans to deliver a fix for CVE-2010-2883 during the week of October 4, 2010, with the other fix for Acrobat and Reader.

In March, security company F-Secure said that Acrobat/Reader was the application that was most frequently targeted by malware in 2009.

Adobe is planning to add a security "sandbox" to the next major Windows release of its Reader software later this year.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.