BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Adobe Reader Remote Code Execution

Disclosed October 28, 2010    Fully Patched

Vulnerability Description:

Adobe Flash contains a vulnerability in authplay.dll when handling crafted Flash content. Successful exploitation could cause a denial-of-service condition (i.e., an application crash) or arbitrary code execution. Adobe Flash is embedded within Adobe Reader and Adobe Acrobat, so they are also vulnerable. There are reports of this vulnerability being actively exploited in the wild. A patch was released for Adobe Flash; however, the vulnerability still exists in Adobe Reader and Adobe Acrobat.

Vendors:

Adobe

Vulnerable Software/Devices:

Reader/Acrobat 9.4 and prior 9.x versions for Windows, Mac OS X, and UNIX.

Vulnerability Severity:

High

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

  • BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
    • Retina Audit ID 13695 - Adobe Reader/Acrobat Embedded Flash Content Vulnerability (Zero-Day) - UNIX

Mitigation:

Apply appropriate vendor patches.

CVE(s):

None
