Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat 9.1.2 and Flash Player 9 and 10. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.
DarkFiber Consulting encourages users and administrators to review the security advisory and implement the following workarounds until a fix is available:
- Disable Flash in Adobe Reader 9 on Windows platforms by renaming the following files: “%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll” and “%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll”.
- Disable Flash Player or selectively enable Flash content as described in the Securing Your Web Browser Document.
Additional information regarding this vulnerability can be found in Technical Cyber Security Alert TA09-204A.
DarkFiber Consulting will provide additional information as it becomes available.