A Second Adobe 0-day Vulnerability In Just One Week (CVE-2010-2884)
Websense Security Labs are currently investigating reports of another in the wild 0-day vulnerability affecting Adobe products. Our customers are protected from this latest vulnerability by ACE, our Advanced Classification Engine.
Adobe announced in their Security Advisory APSA10-03 that Adobe Flash Player, Adobe Reader, and Adobe Acrobat are affected. This security advisory relates to CVE-2010-2884.
The vulnerability has been rated critical by Adobe. If exploited, the malware author has the opportunity to execute code on the affected user's machine.
The following products are affected:
Adobe Flash Player 10.1.82.76 and earlier versions for:
- Windows
- Macintosh
- Linux
- Solaris
Adobe Flash Player 10.1.92.10 for:
- Android
Adobe Reader 9.3.4 for:
- Windows
- Macintosh
- UNIX
Also Adobe Acrobat 9.3.4 and earlier versions for:
- Windows
- Macintosh
The previous Security Advisory published by Adobe, CVE-2010-2883 affected only Adobe Reader and Adobe Acrobat.
As per our earlier tweets, Adobe are advising that they plan to patch the Flash Player vulnerability during the week commencing September 27, and have the aim of patching Adobe Reader/Acrobat the week after that.
We are keeping a close eye on developments and will be sure to update you further as events unfold.
