Adobe has announced that a critical vulnerability has been identified in the Adobe Download Manager. This vulnerability (CVE-2010-0189) could potentially allow an attacker to download and install unauthorized software onto a user's system.
Users who have downloaded Adobe Reader for Windows from http://get.adobe.com/reader/ or Adobe Flash Player for Windows from http://get.adobe.com/flashplayer/ prior to the release of this Security Bulletin on February 23, 2010, can verify they are not vulnerable to this Adobe Download Manager issue by following the instructions below.
- Ensure that the C:Program FilesNOS folder and its contents ("NOS files") are not present on your system. (If the folder is present, follow the steps below to remove).
- Click "Start" > "Run" and type "services.msc". Ensure that "getPlus(R) Helper" is not present in the list of services.
If the NOS files are found, the Adobe Download Manager issue can be mitigated by:
- Navigating to Start > Control Panel > Add or Remove Programs > Adobe Download Manager, and selecting Remove to remove the Adobe Download Manager from your system.
- Clicking "Start" > "Run" and typing "services.msc". Then deleting "getPlus(R) Helper" from the list of services.
- Then delete the C:Program FilesNOS folder and its contents.