Symantec has identified a vulnerability in Adobe Flash.
Patrick Fitzgerald, writing on Symantec’s blog, noted their discovery of an Adobe Acrobat PDF file that ‘upon opening drops and executes a malicious binary.’ Fitzgerald goes on to say in the post, ‘It was quite clear that this PDF was exploiting some vulnerability in order to drop its payload.’
Fitzgerald also noted that upon further inspection it was a new vulnerability that they had not seen in the wild before. ‘What was even more surprising was that this vulnerability affects Adobe Flash — not Adobe Reader as we initially suspected.’
He writes, ‘The authors of the exploit have managed to take a bug and turn it into a reliable exploit using a heap spray technique.’ Fitzgerald also noted that the PDF exploiting the newly discovered vulnerability includes multiple Flash streams, and that their testing revealed the vulnerability is exploitable on both Windows XP and Vista, though the dropped executables will not run on Vista if UAC is enabled.
Adobe posted on its site that it was aware of the ‘potential vulnerability’ and would update users with more information soon.
Using an alternative reader such as those from Nitro PDF Software or Foxit might be a short-term workaround. Alternatively, users can disable Flash in Adobe Reader 9 and disable Flash Player as well.
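Because the sample Fitzgerald describes carries its exploit as multiple Flash streams inside a PDF, one defensive triage check is simply to flag PDFs that embed Flash content at all, which also tells an administrator which documents the “disable Flash in Reader” workaround actually affects. The script below is an added example, not code from Symantec or Adobe: it walks the `stream … endstream` objects of a PDF, inflates FlateDecode streams, and counts those whose body begins with the SWF magic (`FWS`/`CWS`) or whose dictionary carries a Flash marker. The sample PDF bytes are constructed inline for illustration and are not a real malicious file; the regex-based walk and the dictionary markers it looks for are simplifying assumptions (a production check should use a full PDF parser that handles object streams, nested dictionaries and encryption).

```python
import re
import zlib

# SWF file headers: FWS = uncompressed, CWS = zlib-compressed.
FLASH_MAGICS = (b"FWS", b"CWS")

# Dictionary markers that suggest embedded Flash (assumed heuristic set).
DICT_MARKERS = (b"/Flash", b"/RichMedia", b"shockwave-flash")

# Simplified stream object matcher: dictionary, then stream body up to endstream.
STREAM_RE = re.compile(rb"<<(.*?)>>\s*stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _decode(dictionary: bytes, data: bytes) -> bytes:
    """Inflate FlateDecode streams; leave anything else (or corrupt data) as-is."""
    if b"/FlateDecode" in dictionary:
        try:
            return zlib.decompress(data)
        except zlib.error:
            return data
    return data


def find_flash_streams(pdf_bytes: bytes):
    """Return [(stream_index, [evidence, ...]), ...] for streams that look like Flash."""
    hits = []
    for i, m in enumerate(STREAM_RE.finditer(pdf_bytes)):
        dictionary, raw = m.group(1), m.group(2)
        body = _decode(dictionary, raw)
        evidence = []
        if body[:3] in FLASH_MAGICS:
            evidence.append("swf-magic:" + body[:3].decode("ascii"))
        if any(marker in dictionary for marker in DICT_MARKERS):
            evidence.append("dict-flash-marker")
        if evidence:
            hits.append((i, evidence))
    return hits


def triage(pdf_bytes: bytes):
    """Coarse verdict for an analyst queue: no Flash, one Flash stream, or several."""
    hits = find_flash_streams(pdf_bytes)
    if not hits:
        verdict = "no-flash"
    elif len(hits) == 1:
        verdict = "flash-present"
    else:
        verdict = "multiple-flash-streams"
    return verdict, hits


def _pdf_stream(dict_entries: bytes, data: bytes) -> bytes:
    """Build one PDF stream object body (constructed helper for the sample)."""
    length = str(len(data)).encode()
    return b"<<" + dict_entries + b" /Length " + length + b">>\nstream\n" + data + b"\nendstream"


# Constructed sample: two Flash streams (one raw FWS, one Flate-compressed CWS)
# plus one ordinary compressed content stream. Not a real malicious document.
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj\n" + _pdf_stream(
        b"/Type /EmbeddedFile /Subtype /application#2Fx-shockwave-flash",
        b"FWS\x0a" + b"\x00" * 16) + b"\nendobj\n"
    b"2 0 obj\n" + _pdf_stream(
        b"/Filter /FlateDecode",
        zlib.compress(b"CWS\x0a" + b"\x00" * 16)) + b"\nendobj\n"
    b"3 0 obj\n" + _pdf_stream(
        b"/Filter /FlateDecode",
        zlib.compress(b"BT /F1 12 Tf (hello) Tj ET")) + b"\nendobj\n"
    b"%%EOF\n"
)


if __name__ == "__main__":
    verdict, hits = triage(SAMPLE_PDF)
    print(verdict)
    for index, evidence in hits:
        print(f"  stream {index}: {', '.join(evidence)}")
```

Run against the constructed sample, the verdict is `multiple-flash-streams`, with stream 0 matched on both the `FWS` magic and its dictionary and stream 1 matched on the inflated `CWS` magic alone; the plain content stream is ignored. Matching the inflated body rather than only the dictionary matters because a Flash payload hidden in a generically labelled compressed stream would otherwise pass unnoticed.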