Now, back to our story.
Aviv Raff has discovered a vulnerability with Adobe�s web site in combination with its Download Manager, an ActiveX script that is used to download updates for Reader and Flash. After a Reader or Flash update the download manager remains running on a user�s machine until it is rebooted. Malicious operators could exploit it to download their code of choice.
Raff demonstrated the flaw by using the download manager to download a copy of Windows calculator.
He has notified Adobe of the problem but not publically disclosed the finer details vulnerability.
Raff�s blog post here.
News story here.
Update 02/23:
Fixed: "Security update available for Adobe Download Manager" here.
Tom Kelchner
No comments:
Post a Comment