Adobe Reader Virus Alert

Adobe has announced a vulnerability in the latest version of REader, Acrobat
and Flash Player. This vulnerability may allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial-of-service condition.
Adobe announced that until there is a fix for the vulnerability users should
rename C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll or C:\Program
Files\Adobe\Acrobat 9.0]\Acrobat\authplay.dll. They also state renaming these
files may cause users to experience a non-exploitable crash or error message
when opening a PDF that contains SWF content. Does this mean the pc could
crash or just the Acrobat program? Any suggestions would be GREATLY
appreciated!

http://www.adobe.com/support/securit...apsa09-03.html

This is not a virus! You need not send the text. The URL would do
nicely.

I'm sure your heart is in the right place. Most everyone in the
malware community knows about these.

Your post says "Adobe Reader Virus Alert".

That is NOT correct. This is a vulnerability alert, one dealing with embedded SWF where
the PDF ~1MB.

Vulnerabilities are not viruses. IFF the vulnerability is properly exploited it may lead
to being infected with malware.
The successful exploitation may lead to a virus but not neccessarily, most lead to
trojans.

I took that to mean the application, not the OS, crashes. The choice is
of either having the application crash in an exploitable way, or have it
crash in a non-exploitable way. Receiving a crafted exploit after
renaming away the dll could then only cause a DoS and nothing more.
Unfortuneately, it may also cause crashes when documents with legitimate
uses of flash support are encountered.

This is not a virus, as others have mentioned, and the vulnerability is
in the "Flash support" within those applications.

Quote your source URL the next time and you've nailed it.

Thank you for the heads up. The Acrobat Reader and Flash Player catch
allot of attention from the bad folks.

Have a great evening guys. And once again thanks for your much appreciated
assistance.

Just one more reason to never install Flash.

BetterPrivacy

Adobe has released Reader 9.1.3 and Acrobat 9.1.3 to address a
vulnerability. By convincing a user to open a PDF document embedded with
a specially crafted SWF file, an attacker may be able to execute
arbitrary code.

US-CERT encourages users and administrators to review Adobe security
bulletin APSB09-10 and apply any necessary updates to help mitigate the
risks. Additional information regarding this vulnerability can be found
in US-CERT Technical Cyber Security Alert TA09-204A.

Relevant Url(s):
<http://www.adobe.com/support/security/bulletins/apsb09-10.html>

For those who have patched your Acrobat Reader 9.1.2 to 9.1.3, what is the
date/time stamp of authplay.dll file in the following folder:

C:\Program Files\Adobe\Reader 9.0\Reader

Mine shows 12/18/2009 4:48 PM which I believe is still the old version.

If I'm not mistaken, the new authplay.dll should be stamped 7/22/2009 4:14
PM and the size is approximately 3,564KB (4KB larger than the older
version).

Strange thing is when I click About Adobe Reader 9, it shows version 9.1.3

Does anyone know why? Does it matter?

For me:|

Adobe Flash Player 9.0 r246m,
version: 9,0,246,0,0

Date: 7/22/09

The same for...
"C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll"

A pair of my systems has it in "C:\Program Files\Adobe\Acrobat
9.0\Reader\authplay.dll"

Perhaps this is a remnant of a much earlier install?

In a fixed width font, this points to the 9.

Yes indeed, I meant to type 12/18/2008.

Something went wrong with the upgrade. I did it thru (Windows
Server 2003) GPO.

First I did the following:
msiexec /a AcroRead.msi /p AdbeRdrUpd913_all_incr.msp

Then I copied the deployment folder to the network.

Indeed.

I only wanted to point out that using a caret (^) as a pointer from
below only works if the person reading is using a fixed width font. It's
like ascii art in that respect.