Adobe Reader, Acrobat and Adobe Flash Player Vulnerabiliy Being Exploited In-The-Wild
On Tuesday, July 21, 2009, symantec became Aware of a Previously Un-Known Vulnerability Affecting Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. Attackers can Exploit the Issue to Execute Arbitrary Code by enticing a Vulnerable User into visiting a Malicious Web Site or Opening a Malicious File. This Issue is being Exploited In-The-Wild in Limited Attacks.
On July 21, 2009, Adobe acknowledged the Vulnerability in the following Post: http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html.
Users are Advised to:
- Avoid following Web Links that Originate from Un-Known or Un-Trusted Sources.
- Avoid Processing Files that Originate from Un-Known or Un-Trusted Sources.
- Implement multiple redundant layers of security such as Non-Executable Stack/Heap Configurations and Randomly-Mapped Memory Segments.
- Deploy Intrusion Detection to Monitor Network Traffic for Malicious Activity.
- Run all Software as a Non-Privileged User with Minimal Access Rights.
For more information, see the following Vulnerability Alert:
Adobe Acrobat, Reader and Flash Player Un-Specified Vulnerability: http://www.securityfocus.com/bid/35759.