CVE-2010-1297: Security Advisory for Flash Player, Adobe Reader and Acrobat
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
acroread (Ubuntu) | Fix Released | High | Brian Thomason |
adobe-flashplugin (Ubuntu) | Fix Released | High | Brian Thomason |
flashplugin-nonfree (Ubuntu) | Fix Released | High | Marc Deslauriers |
Bug Description
Binary package hint: acroread
http://
A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. This advisory will be updated once a schedule has been determined for releasing a fix.
[...]
Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.
CVE References
Changed in acroread (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Changed in adobe-flashplugin (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Changed in flashplugin-nonfree (Ubuntu):
importance: Undecided → High
status: New → Confirmed
Changed in acroread (Ubuntu):
assignee: nobody → Brian Thomason (brian-thomason)
Changed in adobe-flashplugin (Ubuntu):
assignee: nobody → Brian Thomason (brian-thomason)
Changed in flashplugin-nonfree (Ubuntu):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in adobe-flashplugin (Ubuntu):
status: Confirmed → Fix Released
Changed in acroread (Ubuntu):
status: Confirmed → Fix Released
Until there's a fix from Adobe, I'd recommend that an update that deletes/chmods 000 /opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so.0.0.0 should be released.
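
The access-removal mitigation discussed above, sketched as shell functions for the Linux Reader 9 library path named in the last comment. This is an added example, not code from Adobe, Ubuntu or the bug's participants; the function names and the `.mode.orig` sidecar file are assumptions made here, and `stat -c` assumes GNU coreutils.

```sh
#!/bin/sh
# Added example, not Adobe's or Ubuntu's packaging code.
# Default path is the one quoted in the comment above; override via AUTHPLAY_LIB.
AUTHPLAY_LIB="${AUTHPLAY_LIB:-/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so.0.0.0}"

# Permission string as ls prints it, e.g. "-rwxr-xr-x" (any ACL marker is cut off).
authplay_mode() {
    ls -ld "$1" | cut -c1-10
}

# Prints "absent", "mitigated" (mode 000) or "exposed" (any other mode).
authplay_status() {
    lib="${1:-$AUTHPLAY_LIB}"
    if [ ! -e "$lib" ] && [ ! -L "$lib" ]; then
        echo absent
    elif [ "$(authplay_mode "$lib")" = "----------" ]; then
        echo mitigated
    else
        echo exposed
    fi
}

# Remove all access (chmod 000), saving the old mode beside the file.
# Idempotent: a second run keeps the mode saved by the first.
authplay_mitigate() {
    lib="${1:-$AUTHPLAY_LIB}"
    if [ -L "$lib" ]; then
        echo "refusing to chmod through a symlink: $lib" >&2
        return 2
    fi
    if [ ! -f "$lib" ]; then
        echo "not found: $lib" >&2
        return 1
    fi
    if [ ! -f "$lib.mode.orig" ]; then
        stat -c '%a' "$lib" > "$lib.mode.orig" || return 1
    fi
    chmod 000 "$lib"
}

# Put the saved mode back once a fixed package is installed.
authplay_restore() {
    lib="${1:-$AUTHPLAY_LIB}"
    [ -f "$lib.mode.orig" ] || { echo "no saved mode for $lib" >&2; return 1; }
    chmod "$(cat "$lib.mode.orig")" "$lib" && rm -f "$lib.mode.orig"
}
```

Source the file and run `authplay_mitigate` as root. Permission bits do not restrict processes running as root, so this protects ordinary user sessions only.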