Security Advisory SA42030 - Adobe Reader / Acrobat authplay.dll Multiple Vulnerabilities

Overview

Advisories

Research

Forums

Create Profile

Our Commitment

Database

Advisories by Product

Advisories by Vendor

Terminology

Report Vulnerability

Insecure Library Loading

Secunia Advisory SA42030

Adobe Reader / Acrobat authplay.dll Multiple Vulnerabilities

Secunia Advisory

SA42030

Release Date

2010-10-28

Last Update

2010-11-17

Popularity

21,282 views

Comments

2 comments

Criticality level

Extremely critical

Impact

Security Bypass
Exposure of sensitive information
System access

Where

From remote

Authentication level

This information is available to Secunia VIM customers

Report reliability

This information is available to Secunia VIM customers

Solution Status

Vendor Patch

Systems affected

This information is available to Secunia VIM customers

Approve distribution

This information is available to Secunia VIM customers

Remediation status

Secunia CSI, Secunia PSI

Automated scanning

Secunia CSI, Secunia PSI

Software:

Adobe Acrobat 9.x

Adobe Reader 9.x

Secunia CVSS Score

This information is available to Secunia VIM Customers

CVE Reference(s)

Description

Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, and compromise a user's system.

The vulnerabilities are caused due to vulnerabilities in the bundled version of Adobe Flash Player.

For more information:
SA41917

The vulnerabilities are reported in versions prior to 9.4.1.

Solution
Update to version 9.4.1.
Changelog
Further details available to Secunia VIM customers

Original Advisory
Adobe (APSA10-05, APSB10-28):
http://www.adobe.com/support/security/advisories/apsa10-05.html
http://www.adobe.com/support/security/bulletins/apsb10-28.html

Other references
Further details available to Secunia VIM customers

Alternate/detailed remediation
Further details available in Customer Area

Deep Links
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Adobe Reader / Acrobat authplay.dll Multiple Vulnerabilities

User

Message

landmolpin

RE: Adobe Reader / Acrobat authplay.dll Multiple Vulnerabilities

29th Nov, 2010 02:48

Score: 1
Posts: 1
User Since: 13th Dec 2008
System Score: N/A
Location: US
Last edited on 29th Nov, 2010 02:48

The test checks for the AcroRd32.exe and not the authplay.dll version. For the 9.4.1 patch, the .exe does not change versions. Only the .dll. So even when the system is patched, it shows that the patch is needed.

Was this reply relevant?

-2

kxxxk

RE: Adobe Reader / Acrobat authplay.dll Multiple Vulnerabilities

8th Dec, 2010 05:45

Score: 0
Posts: 8
User Since: 8th Jan 2009
System Score: N/A
Location: N/A
Last edited on 8th Dec, 2010 05:45

Secunia, please note and correct your scan. Thanks.

Was this reply relevant?

-0

Secunia Advisory SA42030

Adobe Reader / Acrobat authplay.dll Multiple Vulnerabilities

Do you have additional information related to this advisory?

You must be logged in to post a comment.

Secunia Customer Login

Not a customer already?