Irregular Expressions

Oct 28 2010   11:46PM GMT

Adobe 0-Day



Posted by: Dan O'Connor
Tags:
0-day
adobe
exploits
nist

http://www.adobe.com/support/security/advisories/apsa10-05.html

Not that this is anything special, its the remediation steps that caught my eye. Also the number of platforms affected.

Just delete the lib!

Adobe Reader and Acrobat 9.x - Windows
          Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and
          Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable
          crash or error message when opening a PDF file that contains Flash (SWF) content.
The authplay.dll that ships with Adobe Reader and Acrobat 9.x
 for Windows is typically located at C:\Program Files\Adobe\Reader
9.0\Reader\authplay.dll for Adobe Reader or C:\Program
Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
Adobe Reader 9.x - Macintosh 
          1) Go to the Applications->Adobe Reader 9 folder.
2) Right Click on Adobe Reader.
3) Select Show Package Contents.
4) Go to the Contents->Frameworks folder.
          5) Delete or move the AuthPlayLib.bundle file.
Acrobat Pro 9.x - Macintosh
          1) Go to the Applications->Adobe Acrobat 9 Pro folder.
2) Right Click on Adobe Acrobat Pro.
3) Select Show Package Contents.
4) Go to the Contents->Frameworks folder.
          5) Delete or move the AuthPlayLib.bundle file.
Adobe Reader 9.x - UNIX 
          1) Go to installation location of Reader (typically a folder named Adobe).
          2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris).
        3) Remove the library named "libauthplay.so.0.0.0."

NIST has a little more information.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1285

I really just want to know what the purpose of the DLL file is, but that seems to be hard to find.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: