Tuesday, Sep 14, 2010

A Second Adobe 0-day Vulnerability In Just One Week (CVE-2010-2884)

Carl Leonard Principal Security Analyst

Websense Security Labs are currently investigating reports of another in-the-wild 0-day vulnerability affecting Adobe products. Our customers are protected from this latest vulnerability by ACE, our Advanced Classification Engine.

Adobe announced in their Security Advisory APSA10-03 that Adobe Flash Player, Adobe Reader, and Adobe Acrobat are affected. This security advisory relates to CVE-2010-2884. 

The vulnerability has been rated critical by Adobe. If exploited, it gives the malware author the opportunity to execute code on the affected user's machine.

The following products are affected:

Adobe Flash Player 10.1.82.76 and earlier versions for:

  • Windows
  • Macintosh
  • Linux
  • Solaris


Adobe Flash Player 10.1.92.10 for:

  • Android


Adobe Reader 9.3.4 for:

  • Windows
  • Macintosh
  • UNIX


Also Adobe Acrobat 9.3.4 and earlier versions for:

  • Windows
  • Macintosh

 

The previous Security Advisory published by Adobe, relating to CVE-2010-2883, affected only Adobe Reader and Adobe Acrobat.

As per our earlier tweets, Adobe are advising that they plan to patch the Flash Player vulnerability during the week commencing September 27, and aim to patch Adobe Reader/Acrobat the week after that.

We are keeping a close eye on developments and will be sure to update you further as events unfold.
