Just some days ago I blogged about unpatched vulnerability affecting Adobe Reader and Acrobat versions. Unfortunately, there's been found another critical unpatched vulnerability in Adobe's products. This vulnerability (CVE-2010-2884) affects Flash Player, Adobe Reader and Adobe Acrobat programs. By exploiting the vulnerability an attacker may be able to cause a crash or execute arbitrary code in affected system. According to reports Flash Player vulnerability is actively exploited in the wild. Adobe says that they're not aware of any attacks exploiting this new vulnerability against Adobe Reader or Acrobat at the moment.
Affected software:
-Adobe Flash Player 10.1.82.76 and earlier
-Adobe Reader 9.3.4 and earlier versions
-Adobe Acrobat 9.3.4 and earlier versions
There are no patches available yet. To avoid exploitation users of the affected versions are advised to keep their antivirus protection definitions updated and open Flash (SWF) files from reliable sources only.
Adobe plans to bring update for Flash Player during the week of September 27, 2010 and for Adobe Reader and Acrobat during the week of October 4, 2010.
More information in the security advisory.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment