June 7, 2010

Adobe 0-day vulnerability in Flash, Adobe Reader and Acrobat (CVE-2010-1297)

Patrik Runald

Adobe announced a new 0-day vulnerability in Flash, Adobe Reader and Adobe Acrobat over the weekend. The vulnerability lies in how Flash and Adobe Reader/Acrobat handles a specially formatted SWF file and the attacker can use this to automatically execute malware on the machine when the user just visits a website or opens up a PDF file.


Even though the vulnerability is in a Flash file it is possible to exploit it via PDF file as well as these documents can contain embedded Flash files that gets automatically executed when opened. So far there is no patch available except to update to the Release Candidate of Flash Player 10.1. A workaround for Adobe Reader/Acrobat version 9.3.2 and earlier 9.x versions is available by deleting or renaming authplay.dll in the installation directory of the application but this is obviously not an ideal solution. Adobe Reader/Acrobat version 8.x is not vulnerable. 

The attacks we have seen so far has been targeted and it's not in wide use - yet. 

Websense customers are protected against both the SWF and PDF attack vector.

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.