Posts in Category "Uncategorized"

Potential Adobe Illustrator CS4 issue

Posted on December 3, 2009 by David Lenoe | Comments (0)

Adobe is aware of a report of a potential vulnerability in Adobe Illustrator CS4 (CVE-2009-4195). We are currently investigating this issue and will have an update once we have more information. It appears that this issue would require a local user to take the action of opening a malicious .eps file in Illustrator.

This posting is provided “AS IS” with no warranties and confers no rights.

Pre-Notification – Quarterly Security Update for Adobe Reader and Acrobat

Posted on October 8, 2009 by David Lenoe | Comments (0)

A Security Advisory has been posted in regards to the upcoming Adobe Reader and Acrobat updates scheduled for October 13, 2009. The updates address critical security issues in the products, including a critical vulnerability in Adobe Reader and Acrobat 9.1.3 and earlier (CVE-2009-3459), as described in a separate PSIRT blog post today. The updates will be made available for Windows, Macintosh and UNIX, and represent the second quarterly security update for Adobe Reader and Acrobat.
We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.

Potential Photoshop Elements 8.0 issue

Posted on September 29, 2009 by David Lenoe | Comments (0)

Adobe is aware of a report of improper service permissions potentially leading to a local privilege escalation issue in Photoshop Elements 8.0 (CVE-2009-3489). We are currently investigating this issue and will have an update once we have more information. For clarity, please note that “local privilege escalation” means that valid login credentials and/or physical access to a computer is required for service permissions to be altered. It would not be possible to exploit this issue from a remote source over the internet, for instance.
This posting is provided “AS IS” with no warranties and confers no rights.

Potential RoboHelp Server 8 Issue

Posted on September 3, 2009 by David Lenoe | Comments (0)

Adobe is aware of reports of a remote pre-authentication exploit in RoboHelp Server 8. We are currently investigating this potential issue and will have an update once we get more information.
This posting is provided “AS IS” with no warranties and confers no rights.

Flash Player update and Snow Leopard

Posted on September 2, 2009 by David Lenoe | Comments (0)

The initial release of Mac OS X 10.6 (Snow Leopard) includes an earlier version of Adobe Flash Player than what is available from Adobe.com. We recommend all users update to the latest, most secure version of Flash Player (10.0.32.18) — which supports Snow Leopard and is available for download from http://www.adobe.com/go/getflashplayer.
This posting is provided “AS IS” with no warranties and confers no rights.

New Version of Download Manager for Adobe Reader Available

Posted on August 27, 2009 by Wendy Poland | Comments (0)

A new version of the download manager for Adobe Reader is live. This new version resolves the Moderate local privilege escalation issue discussed in an Adobe PSIRT blog post on July 22.
No action is required for users downloading Adobe Reader from http://get.adobe.com/reader/. Users who previously downloaded Adobe Reader for Windows from http://get.adobe.com/reader/ can verify they are not vulnerable to this download manager issue by checking the following:

  • Ensure that the C:\Program Files\NOS folder and its contents are not present on your system.
  • Click “Start” > “Run” and type “services.msc”. Ensure that “getPlus(R) Helper” from the list of services.

If the NOS files are found, the download manager issue can be mitigated by:

  • Navigating to Start > Control Panel > Add or Remove Programs > Adobe Download Manager, and selecting Remove to remove the Adobe Download Manager from your system.

OR

  • Deleting the C:\Program Files\NOS\ folder and its contents.

Note: As mentioned in a late July Adobe Security Bulletin and PSIRT blog post, we want to remind users Adobe is planning its next quarterly security update for Adobe Reader and Acrobat for Tuesday, October 13.
This posting is provided “AS IS” with no warranties and confers no rights.

Local Privilege Escalation in Adobe Reader Installer

Posted on July 22, 2009 by Brad Arkin | Comments (0)

Adobe has investigated the local privilege escalation issue with Adobe Reader that was recently posted to milw0rm and is working with the third party responsible for this component to develop a schedule for a fix. Affected versions are the full installer for Adobe Reader 9.1.0 and 8.1.3 for Windows (CVE-2009-2564). Please note that this is not related to CVE-2009-1862.
Here are some details based on our investigation:

  • In the described exploit, an attacker could replace the getPlus_HelperSvc.exe file with malicious files that could potentially be executed in the context of Local System, resulting in a privilege escalation.
  • The issue is only locally exploitable. This means that an attacker would have to already have access to the target computer.
  • getPlus binaries are only used in the installation of Adobe Reader. The binaries delete themselves after reboot. Therefore, most users will not have these binaries present on their machine and will not be vulnerable.
  • The attacker would have to be able to start the getPlus helper service, which is stopped after installation is complete, and can only be restarted manually by an Administrator or Power User.

We rate this vulnerability as ‘Moderate’ according to our Severity Rating System because:

  • The vulnerable getPlus binaries will not exist on most machines since they are deleted after the first reboot after installation of Adobe Reader.
  • The attacker must have local access to the machine to perform the attack.
  • To perform the exploit, the attacker would have to be able to start the getPlus helper service, which is stopped after installation is complete, and can only be restarted manually by an Administrator or Power User.

Users can verify they are not vulnerable to this attack by checking the following:

  • Ensure that the C:\Program Files\NOS folder and its contents are not present on your system
  • Click “Start” > “Run” and type “services.msc”. Ensure that “getPlus(R) Helper” is not in the list of services

If the NOS files are found, the issue can be mitigated by:

  • Deleting the C:\Program Files\NOS folder and its contents
  • Click “Start” > “Run” and type “services.msc”. Delete “getPlus(R) Helper” from the list of services

Potential Adobe Reader, Acrobat, and Flash Player issue

Posted on July 21, 2009 by Brad Arkin | Comments (0)

Adobe is aware of reports of a potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. We are currently investigating this potential issue and will have an update once we get more information.
This posting is provided “AS IS” with no warranties and confers no rights.

Potential ColdFusion security issue

Posted on July 3, 2009 by David Lenoe | Comments (0)

Adobe is aware of reports of ColdFusion websites being compromised through a vulnerability in the FCKEditor rich text editor, which is installed with ColdFusion 8. Adobe is working on an update to ColdFusion to resolve the issue, which we expect to make available next week. In the meantime, ColdFusion 8 administrators are advised to mitigate this issue by following the steps below:
1. Disable connectors by setting config.Enabled to false in the editor/filemanager/connectors/cfm/config.cfm file.
2. Remove unused cfm files under editor/filemanager/connectors/cfm directory of the FCKeditor.
3. Inspect FCKeditor directories for content that has already been uploaded. The uploaded files go under the directory specified in the config.UserFilesPath set in config.cfm.
This posting is provided “AS IS” with no warranties and confers no rights.

Adobe Security Bulletin Advance Notification

Posted on June 4, 2009 by Brad Arkin | Comments (0)

Adobe expects to deliver security updates for Adobe Reader and Acrobat versions 7.x, 8.x, and 9.x for Windows and Macintosh on Tuesday, June 9. This is the first quarterly security update for Adobe Reader and Acrobat as described in our May 20 blog post, and incorporates the initial output of code hardening efforts.
Adobe considers this a critical update and recommends users be prepared to apply the update for their product installations. Details of where to download updates will be posted to Adobe’s Security Bulletins and Advisories support page on June 9.
Details regarding security updates for the UNIX platform will be communicated when available.
This posting is provided “AS IS” with no warranties and confers no rights.