07-22-2009 12:21 PM - edited 07-22-2009 12:27 PM
On Tuesday, July 21, 2009, symantec became Aware of a Previously Un-Known Vulnerability Affecting Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. Attackers can Exploit the Issue to Execute Arbitrary Code by enticing a Vulnerable User into visiting a Malicious Web Site or Opening a Malicious File. This Issue is being Exploited In-The-Wild in Limited Attacks.
On July 21, 2009, Adobe acknowledged the Vulnerability in the following Post: http://blogs.adobe.com/psirt/2009/07/potential_ado
Users are Advised to:
- Avoid following Web Links that Originate from Un-Known or Un-Trusted Sources.
- Avoid Processing Files that Originate from Un-Known or Un-Trusted Sources.
- Implement multiple redundant layers of security such as Non-Executable Stack/Heap Configurations and Randomly-Mapped Memory Segments.
- Deploy Intrusion Detection to Monitor Network Traffic for Malicious Activity.
- Run all Software as a Non-Privileged User with Minimal Access Rights.
For more information, see the following Vulnerability Alert:
Adobe Acrobat, Reader and Flash Player Un-Specified Vulnerability: http://www.securityfocus.com/bid/35759.
Solved! Go to Solution.
07-22-2009 02:04 PM
Next-Generation Flash Vulnerability: http://www.symantec.com/connect/blogs/next-generat
07-22-2009 08:47 PM
08-18-2009 03:32 AM
Updates are Available; please see Web Link for More Details.
09-02-2009 12:47 PM
Patches have now been Released in July/August 2009. Sorry for the late Update on this Issue.
Update on Adobe Reader, Acrobat and Flash Player Issue: http://blogs.adobe.com/psirt/2009/07/update_on_ado
Security advisory for Adobe Reader, Acrobat and Flash Player: http://www.adobe.com/support/security/advisories/a
Security updates available for Adobe Flash Player, Adobe Reader and Acrobat: http://www.adobe.com/support/security/bulletins/ap