Adobe Download Manager Exploit

Adobe has announced that a critical vulnerability has been identified in the Adobe Download Manager. This vulnerability (CVE-2010-0189) could potentially allow an attacker to download and install unauthorized software onto a user's system.

Users who have downloaded Adobe Reader for Windows from http://get.adobe.com/reader/ or Adobe Flash Player for Windows from http://get.adobe.com/flashplayer/ prior to the release of this Security Bulletin on February 23, 2010, can verify they are not vulnerable to this Adobe Download Manager issue by following the instructions below.

  • Ensure that the C:Program FilesNOS folder and its contents ("NOS files") are not present on your system. (If the folder is present, follow the steps below to remove).
  • Click "Start" > "Run" and type "services.msc". Ensure that "getPlus(R) Helper" is not present in the list of services.

If the NOS files are found, the Adobe Download Manager issue can be mitigated by:

  • Navigating to Start > Control Panel > Add or Remove Programs > Adobe Download Manager, and selecting Remove to remove the Adobe Download Manager from your system.

OR

  • Clicking "Start" > "Run" and typing "services.msc". Then deleting "getPlus(R) Helper" from the list of services.
  • Then delete the C:Program FilesNOS folder and its contents.

 

Posted on February 24, 2010 by Jonathan Green and tagged Adobe Vulnerability download manager.