United States
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Norton Internet Security / Norton AntiVirus

Reply
Topic Options
Floating_Red
Rootkit Eradicator
Posts: 5,220
Registered: ‎05-30-2008
Accepted Solution

Adobe Reader, Acrobat and Adobe Flash Player Vulnerabiliy Being Exploited In-The-Wild

[ Edited ]
Options

‎07-22-2009 12:21 PM - edited ‎07-22-2009 12:27 PM

On Tuesday, July 21, 2009, symantec became Aware of a Previously Un-Known Vulnerability Affecting Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. Attackers can Exploit the Issue to Execute Arbitrary Code by enticing a Vulnerable User into visiting a Malicious Web Site or Opening a Malicious File. This Issue is being Exploited In-The-Wild in Limited Attacks.

On July 21, 2009, Adobe acknowledged the Vulnerability in the following Post: http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html.

 

 

Users are Advised to:

 

- Avoid following Web Links that Originate from Un-Known or Un-Trusted Sources.

 

- Avoid Processing Files that Originate from Un-Known or Un-Trusted Sources.

 

- Implement multiple redundant layers of security such as Non-Executable Stack/Heap Configurations and Randomly-Mapped Memory Segments.

 

- Deploy Intrusion Detection to Monitor Network Traffic for Malicious Activity.

 

- Run all Software as a Non-Privileged User with Minimal Access Rights.

 

 

For more information, see the following Vulnerability Alert:

Adobe Acrobat, Reader and Flash Player Un-Specified Vulnerability: http://www.securityfocus.com/bid/35759.

 

Message Edited by Floating_Red on 07-22-2009 08:25 PM
Message Edited by Floating_Red on 07-22-2009 08:26 PM
Message Edited by Floating_Red on 07-22-2009 08:26 PM
Message Edited by Floating_Red on 07-22-2009 08:27 PM
Tuesday, May 21, 2013: The Symantec THREATCON was Changed to Level 1: Normal | Tuesday, May 14, 2013: Microsoft "Patch Tuesday" | Sunday, May 05, 2013: Microsoft Internet Explorer 8 Zero-Day Vulnerability (Update Released)
Report Inappropriate Content
Message 1 of 5 (1,828 Views)
0 Kudos
Floating_Red
Rootkit Eradicator
Posts: 5,220
Registered: ‎05-30-2008

Re: Adobe Reader, Acrobat and Adobe Flash Player Vulnerabiliy Being Exploited In-The-Wild

Options

‎07-22-2009 02:04 PM

Next-Generation Flash Vulnerability: http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability.

 

Tuesday, May 21, 2013: The Symantec THREATCON was Changed to Level 1: Normal | Tuesday, May 14, 2013: Microsoft "Patch Tuesday" | Sunday, May 05, 2013: Microsoft Internet Explorer 8 Zero-Day Vulnerability (Update Released)
Report Inappropriate Content
Message 2 of 5 (1,789 Views)
0 Kudos
SendOfJive
Posts: 9,908
Kudos: 4,195
Solutions: 706
Registered: ‎02-07-2009

Re: Adobe Reader, Acrobat and Adobe Flash Player Vulnerabiliy Being Exploited In-The-Wild

Options

‎07-22-2009 08:47 PM

There is a very good short summary about this on the SANS Internet Storm Center.  They've even coined a new acronym that pretty much says it all.  So far, no mitigation guidelines other than blocking Flash content with NoScript in Firefox.
Report Inappropriate Content
Message 3 of 5 (1,747 Views)
0 Kudos
Floating_Red
Rootkit Eradicator
Posts: 5,220
Registered: ‎05-30-2008

Re: Adobe Reader, Acrobat and Adobe Flash Player Vulnerabiliy Being Exploited In-The-Wild

Options

‎08-18-2009 03:32 AM

Updates are Available; please see Web Link for More Details.

 

 

http://www.securityfocus.com/bid/35759/solution.

 

Tuesday, May 21, 2013: The Symantec THREATCON was Changed to Level 1: Normal | Tuesday, May 14, 2013: Microsoft "Patch Tuesday" | Sunday, May 05, 2013: Microsoft Internet Explorer 8 Zero-Day Vulnerability (Update Released)
Report Inappropriate Content
Message 4 of 5 (1,580 Views)
0 Kudos
Floating_Red
Rootkit Eradicator
Posts: 5,220
Registered: ‎05-30-2008

Re: Adobe Reader, Acrobat and Adobe Flash Player Vulnerabiliy Being Exploited In-The-Wild

Options

‎09-02-2009 12:47 PM

Patches have now been Released in July/August 2009.  Sorry for the late Update on this Issue.

 

 

Update on Adobe Reader, Acrobat and Flash Player Issue: http://blogs.adobe.com/psirt/2009/07/update_on_adobe_reader_acrobat.html.

 

Security advisory for Adobe Reader, Acrobat and Flash Player:  http://www.adobe.com/support/security/advisories/apsa09-03.html.

 

Security updates available for Adobe Flash Player, Adobe Reader and Acrobat: http://www.adobe.com/support/security/bulletins/apsb09-10.html.

 

 

Tuesday, May 21, 2013: The Symantec THREATCON was Changed to Level 1: Normal | Tuesday, May 14, 2013: Microsoft "Patch Tuesday" | Sunday, May 05, 2013: Microsoft Internet Explorer 8 Zero-Day Vulnerability (Update Released)
Report Inappropriate Content
Message 5 of 5 (1,465 Views)

Products

Services

Support

Norton on Facebook
Norton on Twitter
Norton's YouTube Channel
Symantec on Linked In
Norton on Google+