More Adobe Update Information

Adobe has issued an important announcement, much of it relating to the impact of vulnerabilities in the Microsoft Active Template Library (ATL)  flagged as CVE-2009-0901, CVE-2009-2395, CVE-2009-2493 and described in Microsoft Security Advisory (973882) on Adobe products used as Internet Explorer plug-ins. 

It appears that Flash Player and Shockwave Player "leverage" vulnerable versions of ATL.

According to Adobe, the Adobe Reader browser plug-in for Internet Explorer, Connect Pro, Flash Lite for mobile devices, LiveCycle SAP Forms and other products are not subject to the above vulnerabilities. Flash Player within Firefox and other browsers (apart from IE) do not share the vulnerabilities, and nor do Flash Player and Shockwave Player on Macintosh, Linux and Solaris.

The latest version of Shockwave Player, which is now available for download (http://get.adobe.com/shockwave), has been patched. The Flash Player vulnerability will be patched in the update due on July 30, 2009.

Sensibly, Adobe recommend the installation of the MS09-034 security update, which provides mitigation against the vulnerabilities in the relevant versions of ATL.

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Securing Our eCity community initiative: http://www.securingourecity.org/

Author David Harley, ESET

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
28 Jul 2009
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.