
Researcher Finds New Vulnerability in Adobe

According to Aviv Raff, Manager of the Fraud Action Research Lab at RSA, the "Adobe Download Manager" software, which is used to load or update Adobe's Flash and Reader via Internet Explorer, contains a security vulnerability. If exploited, the vulnerability can be used to download malicious code onto users' computers remotely, the researcher explained, according to news published by Ecommerce Journal on February 19, 2010.

Raff further disclosed that the vulnerability can be abused to install any malicious file of the attacker's choosing, simply by duping an end user into following a certain web link related to the Adobe.com domain.

Explaining how this works, Raff stated that it used a combination of a flaw in Adobe.com and a fault within the Download Manager. As a result, in his own case he managed to install and run the Windows calculator on a Register experimental system.
The researcher warned that the flaw would return and wreak havoc if con artists discovered it and used it against unwary netizens.

Raff said that rather than accepting that the vulnerability was indeed an issue that malicious attackers could exploit, Adobe chose to downplay the problem. The Register published this on February 18, 2010.

Adobe said that its Download Manager had been designed for one-time use. The application is built to remove itself from a PC after it has been used, the next time the system restarts. Moreover, the end user can remove the Adobe Download Manager before then using Add or Remove Programs.

However, according to the researcher, since the Download Manager remains on the system until the next reboot, hackers have sufficient time to exploit the flaw. Presuming that the system is rebooted after a period of 24-72 hours, attacks involving remote installation of malware can be reasonably successful provided they're executed within 1-3 days of the latest software upgrade.

Additionally, because the Download Manager can be used to download the most recent edition of an application from Adobe.com, a hacker can force end users to install the vulnerable product. Subsequently, he can abuse the unpatched flaw within that product.


» SPAMfighter News - 3/1/2010
