Archive for August, 2009

New Version of Download Manager for Adobe Reader Available

A new version of the download manager for Adobe Reader is live. This new version resolves the Moderate local privilege escalation issue discussed in an Adobe PSIRT blog post on July 22.
No action is required for users downloading Adobe Reader from http://get.adobe.com/reader/. Users who previously downloaded Adobe Reader for Windows from http://get.adobe.com/reader/ can verify they are not vulnerable to this download manager issue by checking the following:

  • Ensure that the C:\Program Files\NOS folder and its contents are not present on your system.
  • Click “Start” > “Run” and type “services.msc”. Ensure that “getPlus(R) Helper” from the list of services.

If the NOS files are found, the download manager issue can be mitigated by:

  • Navigating to Start > Control Panel > Add or Remove Programs > Adobe Download Manager, and selecting Remove to remove the Adobe Download Manager from your system.

OR

  • Deleting the C:\Program Files\NOS\ folder and its contents.

Note: As mentioned in a late July Adobe Security Bulletin and PSIRT blog post, we want to remind users Adobe is planning its next quarterly security update for Adobe Reader and Acrobat for Tuesday, October 13.
This posting is provided “AS IS” with no warranties and confers no rights.

Security Bulletin – Flex 3.3 SDK

A Security Bulletin for Flex 3.3 SDK was posted today. Adobe is not currently aware of any exploits in the wild for the security vulnerability fixed in this release.
This posting is provided “AS IS” with no warranties and confers no rights.

Security Bulletin – ColdFusion

Today we posted a Security Bulletin for ColdFusion and JRun. Adobe is not currently aware of any exploits in the wild for the security vulnerabilities fixed in this release.
This posting is provided “AS IS” with no warranties and confers no rights.