Vigil@nce: Adobe Flash, Reader, software installation
March 2010 by Vigil@nce
The Adobe Download Manager product can be used to install an
unwanted software.
– Severity: 2/4
– Consequences: user access/rights
– Provenance: internet server
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 24/02/2010
IMPACTED PRODUCTS
– Adobe Acrobat/Reader
– Adobe Flash Player
DESCRIPTION OF THE VULNERABILITY
The Adobe Download Manager product is installed during updates of
Adobe Flash or Adobe Reader. This product is uninstalled during
the next system reboot.
However, as long as the user did not reboot his system, an
attacker can use Adobe Download Manager (NOS Microsystems getPlus
Downloader ActiveX) to force the installation of an Adobe product
on victim’s computer.
The Adobe Download Manager product can therefore be used to
install an unwanted software.
CHARACTERISTICS
– Identifiers: APSB10-08, CVE-2010-0189, VIGILANCE-VUL-9474
– Url: http://vigilance.fr/vulnerability/Adobe-Flash-Reader-software-installation-9474