FYI...
Adobe Flash/Acrobat/Reader vulns
___
Status update: Adobe vulnerabilities - exploits-in-the-wild ...
- http://www.adobe.com/support/securit...apsa10-01.html
Last updated: June 8, 2010 - "... We are in the process of finalizing a fix for the issue, and expect to provide an update for Flash Player 10.x for Windows, Macintosh, and Linux by June 10, 2010. The patch date for Flash Player 10.x for Solaris is still to be determined.
We expect to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29, 2010..."
- http://atlas.arbor.net/briefs/index#-1218073436
Title: Adobe Flash, Reader, and Acrobat 0day authplay Vulnerability
Severity: Extreme Severity
June 09, 2010 - "Analysis: This is an active, critical issue being exploited in the wild. We have multiple sources of these attacks with minimal AV detection. We encourage sites to investigate remediation steps immediately to address this."
Source: http://www.us-cert.gov/cas/techalerts/TA10-159A.html
- http://www.f-secure.com/weblog/archives/00001963.html
June 8, 2010 - "... spam run pushing a PDF exploit... screenshot of the PDF attachment..."
Adobe 0-day used in targeted attacks
- http://community.websense.com/blogs/...n-attacks.aspx
9 Jun 2010
- http://www.kb.cert.org/vuls/id/486225
Date Last Updated: 2010-06-09
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-1297
Last revised: 06/09/2010
CVSS v2 Base Score: 9.3 (HIGH)
Mitigations for Adobe vulnerability: CVE-2010-1297
- http://www.sophos.com/blogs/sophoslabs/?p=9954
June 8, 2010 - "...
1. Renaming authplay.dll: Our testing shows that this workaround, at least for this sample, works successfully (as claimed by Adobe). Acrobat will work normally on regular PDFs, but on exploited files (and potentially others with embedded SWF files), it will crash, but the exploit will fail.
2. Disabling JavaScript: As recommended previously, disabling JavaScript in Acrobat Reader is another workaround for this sample (since it relies on JavaScript to create the shellcode).
3. Alternative PDF reader: The exploit depends upon embedded SWF content, so PDF readers which ignore this ought to be safe..."
- http://www.symantec.com/connect/blog...er-and-acrobat
June 6, 2010 - "We have confirmed the attacks that are exploiting the vulnerability (CVE-2010-1297) Adobe announced on its security advisory* are in the wild. The exploit takes advantage of an unpatched vulnerability in Flash Player, Adobe Reader, and Acrobat, and affects users regardless of whether they use Windows, Macintosh, Solaris, Linux, or UNIX... Attacks can take place in various situations with a few listed below:
• Receiving an email with a malicious PDF attachment.
• Receiving an email with a link to the malicious PDF file or a website with the malicious SWF imbedded in malicious HTML code.
• Stumbling across a malicious PDF or SWF file when surfing the web..."
- http://krebsonsecurity.com/2010/06/a...crobat-reader/
June 5, 2010
- http://blog.trendmicro.com/zero-day-...n-in-the-wild/
June 5, 2010
- http://blogs.adobe.com/psirt/2010/06..._adobe_re.html
June 4, 2010
Adobe Flash Player vuln
- http://secunia.com/advisories/40026/
Release Date: 2010-06-05
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
Software: Adobe Flash Player 10.x, Adobe Flash Player 9.x ...
NOTE: The vulnerability is reportedly being actively exploited.
Solution: Reportedly, the latest version 10.1 Release Candidate is not affected...
- http://labs.adobe.com/downloads/flashplayer10.html
Reported as a 0-day.
Original Advisory: Adobe:
* http://www.adobe.com/support/securit...apsa10-01.html
Adobe Reader/Acrobat vuln
- http://secunia.com/advisories/40034/
Release Date: 2010-06-05
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
NOTE: The vulnerability is currently being actively exploited.
Solution: Delete, rename, or remove access to authplay.dll to prevent running SWF content in PDF files...
Reported as a 0-day.
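
A triage sketch for the Sophos workarounds quoted above, added here as an example and not taken from any of the linked advisories: it flags PDFs that carry both JavaScript and Flash content, the two things that quote says the sample depends on. The function names, the watched-name list and the sample bytes are assumptions constructed for illustration. It scans only uncompressed bytes, so names or SWF data inside filtered streams are not seen.

```python
import re

# PDF name tokens tied to the quoted workarounds: JavaScript actions
# (workaround 2) and Flash/rich-media content (workarounds 1 and 3).
WATCHED = ("/JS", "/JavaScript", "/RichMedia", "/Flash")
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample bodies (not real files): one benign, one combining a
# hex-escaped JavaScript name with a RichMedia annotation and a raw SWF stream.
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SUSPECT = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (x) >>\nendobj\n"
    b"4 0 obj\n<< /Subtype /RichMedia >>\nendobj\n"
    b"5 0 obj\n<< /Length 8 >>\nstream\nCWS\x09\x00\x00\x00\x00\nendstream\nendobj\n"
)


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is compared as /JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count watched names and unfiltered SWF streams in raw PDF bytes."""
    counts = {name: 0 for name in WATCHED}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    # FWS/CWS are the SWF magic bytes; a stream stored with a filter hides them.
    swf_streams = len(re.findall(rb"stream\r?\n(?:FWS|CWS)", data))
    has_js = counts["/JS"] + counts["/JavaScript"] > 0
    has_flash = swf_streams > 0 or counts["/RichMedia"] + counts["/Flash"] > 0
    return {"names": counts, "swf_streams": swf_streams,
            "javascript": has_js, "flash": has_flash,
            "quarantine": has_js and has_flash}


if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, triage_pdf(body))
```

A clean result from this scan is not evidence that a file is safe; it is a first-pass filter for deciding which attachments to hold for deeper inspection.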