September 14, 2010

A Second Adobe 0-day Vulnerability In Just One Week (CVE-2010-2884)

Carl Leonard Principal Security Analyst

Websense Security Labs are currently investigating reports of another in the wild 0-day vulnerability affecting Adobe products. Our customers are protected from this latest vulnerability by ACE, our Advanced Classification Engine. 

Adobe announced in their Security Advisory APSA10-03 that Adobe Flash Player, Adobe Reader, and Adobe Acrobat are affected. This security advisory relates to CVE-2010-2884. 

The vulnerability has been rated critical by Adobe.  If exploited, the malware author has the opportunity to execute code on the affected user's machine. 

The following products are affected:

Adobe Flash Player and earlier versions for:

  • Windows
  • Macintosh
  • Linux
  • Solaris

Adobe Flash Player for:

  • Android

Adobe Reader 9.3.4 for:

  • Windows
  • Macintosh
  • UNIX

Also Adobe Acrobat 9.3.4 and earlier versions for:

  • Windows
  • Macintosh


The previous Security Advisory published by Adobe, CVE-2010-2883 affected only Adobe Reader and Adobe Acrobat.

As per our earlier tweets, Adobe are advising that they plan to patch the Flash Player vulnerability during the week commencing September 27, and have the aim of patching Adobe Reader/Acrobat the week after that.

We are keeping a close eye on developments and will be sure to update you further as events unfold.

Carl Leonard

Principal Security Analyst

Carl Leonard is a Principal Security Analyst within Forcepoint X-Labs. He is responsible for enhancing threat protection and threat monitoring technologies at Forcepoint, in collaboration with the company’s global Labs teams. Focusing on protecting companies against the latest cyberattacks that...

Read more articles by Carl Leonard

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.