Alert
0-day in Adobe Flash Player
Posted: 2009-07-23 10:20:00
Summary: A 0-day vulnerability in the Adobe Flash Player allows Flash content in websites or embedded in a PDF to execute arbitrary code.
Affected Systems:
Operating systems: Windows, Macintosh, UNIX
Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions
Adobe Flash Player 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions
Please note:
Adobe expects to release a patch for this vulnerability for Windows, Macintosh, and UNIX by July 31, 2009. Updates for Flash on Solaris are still pending.
Description:
Because this vulnerability was first discovered as malicious content embedded in PDFs, it was initially believed to be a vulnerability in Adobe Acrobat and Adobe Reader. Further testing revealed, however, that this exploit also worked with malicious Flash content embedded in web pages.
Solution:

Apply the patch supplied by Adobe in Security Bulletin APSB09-10.

To prevent the exploit from working in Adobe Acrobat and Adobe Acrobat Reader:
Delete, rename, or remove access to the file named authplay.dll that ships with Adobe Reader and Acrobat v9.x. Adobe also recommends that Windows Vista users enable UAC (User Account Control) to help mitigate the impact of any potential exploit.

To prevent the exploit from working in Firefox:
Deploy a plugin such as Flashblock (less intrusive) or NoScript (more protection, but more intrusive).

To prevent the exploit from working in Internet Explorer:
Apply the kill bit for the following CLSID to prevent the Flash plugin from running:

{D27CDB6E-AE6D-11cf-96B8-444553540000}
How to stop an ActiveX control from running in Internet Explorer: http://support.microsoft.com/kb/240797
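
The Internet Explorer mitigation above, as an added PowerShell example that is not part of the original alert: per KB240797, the kill bit is the value 0x400 in the "Compatibility Flags" DWORD under the ActiveX Compatibility registry key for the CLSID. The function name Invoke-ActiveXKillBit and its -Apply switch are hypothetical; the script also covers the Wow6432Node view that 32-bit Internet Explorer reads on 64-bit Windows.

```powershell
# Added example, not Adobe's or Microsoft's tooling. Run from an elevated prompt.
$FlashClsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}'  # CLSID from this alert
$KillBit    = 0x400   # kill bit in the "Compatibility Flags" DWORD (KB240797)
$CompatRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # Registry view used by 32-bit Internet Explorer on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# Hypothetical helper: reports the kill-bit state, and sets it when -Apply is given.
function Invoke-ActiveXKillBit {
    param(
        [Parameter(Mandatory = $true)][string]$Clsid,
        [switch]$Apply
    )
    foreach ($root in $CompatRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }  # view not present
        $key    = Join-Path $root $Clsid
        $before = 0
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($prop) { $before = [int]$prop.'Compatibility Flags' }
        }
        $after = $before
        if ($Apply -and (($before -band $KillBit) -eq 0)) {
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            # OR the bit in so any other compatibility flags already set are preserved
            $after = $before -bor $KillBit
            New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -PropertyType DWord -Value $after -Force | Out-Null
        }
        # One result object per registry view, suitable for logging or export
        [pscustomobject]@{
            Key        = $key
            Flags      = ('0x{0:X8}' -f $after)
            KillBitSet = (($after -band $KillBit) -ne 0)
        }
    }
}

# Audit only (no changes):
Invoke-ActiveXKillBit -Clsid $FlashClsid
# Set the kill bit in every registry view that exists on this machine:
# Invoke-ActiveXKillBit -Clsid $FlashClsid -Apply
```

Running the audit form again after -Apply should report KillBitSet as True for each key listed.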
References:
Flashblock plugin for Firefox: https://addons.mozilla.org/en-US/firefox/addon/433
NoScript plugin for Firefox: https://addons.mozilla.org/en-US/firefox/addon/722
SANS ISC: YA0D (Yet Another 0-Day) in Adobe Flash player http://isc.sans.org/diary.html?storyid=6847
Source:
Security advisory for Adobe Reader, Acrobat and Flash Player http://www.adobe.com/support/security/advisories/apsa09-03.html