A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems. The authplay.dll component that is shipped with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems is said to be vulnerable.
This vulnerability (CVE-2010-1297) can cause a crash and can potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player and Adobe Reader and Acrobat.
Here are the affected software versions:
- Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris.
- Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX.
- Flash Player 10.1 Release Candidate
- Adobe Reader
- Acrobat 8.x
Trend Micro recommends the following actions to avoid or contain this issue:
- Update to the latest pattern file. Trend Micro can already detect the malicious PDF as TROJ_PIDIEF.WX since CPR 7.222.02.
- Apply the latest patch from Adobe or upgrade to the latest version/build of the affected Adobe applications.
Below is additional information about this vulnerability: