Posted by: Dan O'Connor
0-day, adobe, exploits, nist
Not that this is anything special, its the remediation steps that caught my eye. Also the number of platforms affected.
Just delete the lib!
Adobe Reader and Acrobat 9.x - Windows Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.
The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
Adobe Reader 9.x - Macintosh 1) Go to the Applications->Adobe Reader 9 folder. 2) Right Click on Adobe Reader. 3) Select Show Package Contents. 4) Go to the Contents->Frameworks folder. 5) Delete or move the AuthPlayLib.bundle file.
Acrobat Pro 9.x - Macintosh 1) Go to the Applications->Adobe Acrobat 9 Pro folder. 2) Right Click on Adobe Acrobat Pro. 3) Select Show Package Contents. 4) Go to the Contents->Frameworks folder. 5) Delete or move the AuthPlayLib.bundle file.
Adobe Reader 9.x - UNIX 1) Go to installation location of Reader (typically a folder named Adobe). 2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris). 3) Remove the library named "libauthplay.so.0.0.0."
NIST has a little more information.
I really just want to know what the purpose of the DLL file is, but that seems to be hard to find.