Adobe patches critical vulnerability in Download Manager
Adobe has released a security update to address a critical hole in its Adobe Download Manager (DLM) – software supplied to Adobe by NOS Micro. The vulnerability, discovered by Israeli security specialist Aviv Raff, can be exploited by specially crafted websites to install arbitrary software on a Windows computer. Under normal conditions, the DLM should only install software that has been digitally signed by Adobe and originates from an Adobe website.
Exploiting the vulnerability is, however, not trivial, as DLM is not usually permanently installed on a PC. It kicks in only when, for example, the Flash Player page is called as an ActiveX control. In Internet Explorer this, by default, triggers a dialogue box asking the user for confirmation. The control then remains active until the PC is restarted, after which it vanishes from the system. The situation is similar to the Firefox plug-in under Windows.
All versions of the Adobe Download Manager on Windows prior to the 23rd of February, 2010 are affected. According to Adobe, users who downloaded Adobe Reader for Windows or the Adobe Flash Player for Windows from the company's website before the 23rd of February, 2010 may be vulnerable.
Users can verify that they are not vulnerable by ensuring that the
C:\Program Files\NOS\ folder and its contents are not present on their system and that the "getPlus(R) Helper" is not present in the list of services by selecting "Start" > "Run" and typing
services.msc. Adobe says that, should the folder and service be present, users can uninstall the Download Manager using "Add or Remove Programs" under the Windows Control Panel. Alternatively, users can delete the folder, its contents and "getPlus(R) Helper" from the list of services.
Security company Secunia report in its blog that analysis shows the new version of Adobe Reader 9.3.1 eliminates a vulnerability in the libtiff library that has been known for four years. Secunia say that according to Adobe "In addition, a critical vulnerability (CVE-2010-0188) has been identified that could cause the application to crash and could potentially allow an attacker to take control of the affected system" a comment which avoids mentioning libtiff library errors.
- Security update available for Adobe Download Manager, security advisory from Adobe.
- Security problems in Adobe's Download Manager, a report from The H.