Today's Adobe Patches and Vulnerablities

Published: 2010-11-04
Last Updated: 2010-11-04 22:27:50 UTC
by Johannes Ullrich (Version: 1)
19 comment(s)

It is not easy to keep up with Adobe these days. Patches and new exploits are almost released on a daily schedule. So here is the current "State of Adobe" the way I see it:

Product Latest Version Latest Vulnerabilities
PDF Reader 9.4.0

version 9.4.0 (latest version) is vulnerable
Adobe Reader Unspecified Memory Corruption Vulnerability
Secunia #SA42095, no CVE Number assigned yet
Flash Player 10.1.102.64 version 10.1.85.3 is vulnerable. Patch released today (Nov. 4th)
"Authplay Vulnerability"
CVE-2010-3654
Shockwave Player 11.5.9.615 11.5.9.615 (latest version) is vulnerable
Shockwave Settings" Use-After-Free Vulnerability)
Secunia# SA42112, no CVE Number assigned yet
Acrobat 9.4.0 version 9.4.0 (latest version) is vulnerable
"Authplay Vulnerability"
CVE-2010-3654

 
Air 2.5 version 2.0.3 is vulnerable (old version)

 Please let me know if you have corrections, or better if you find a simple overview about "the state of Adobe bugs" on Adobe's own site. Any Adobe people out there: Feel free to copy the concept :). This table will be "frozen" to today's state and we may update similar, updated tables in the future as a new article.

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: adobe
19 comment(s)

Comments

Holy moley, this will be helpful! Thanks! :)

I'd encourage Adobe to focus less on pushing partnered content (web browser toolbars or a/v products) with the Adobe product downloads, and instead create a support page that serves the exact purpose as what Johannes has created here.

Also, links to such things as the tests to confirm installation of Flash/Shockwave/Air could be included there, too. Extra points would be awarded if the tests would accurately identify installed version numbers.

In the meantime, thanks again!

Joel

Nov 4th 2010
1 decade ago

The FlashPlayer page http://www.adobe.com/software/flash/about/ will show you your installed version and the current versions. The Shockwave player page http://www.adobe.com/shockwave/welcome/ shows your installed version if you hover over the sample, but does not show current versions.
I can't imagine why Adobe hasn't made these pages consistently useful...

Paul

Nov 5th 2010
1 decade ago

In the newest issue (table's first issue) Adobe provides a workaround for Adobe Reader versions 9.2 and 8.1.7 or later:
http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
Additionally, it states that Adobe Acrobat is not affected.

Juha-Matti

Nov 5th 2010
1 decade ago

We still have https://www.mozilla.com/en-US/plugincheck/ to go to for pluginchecks, for most browsers (IE and Opera tested today).

At the present it still says Flash Player 10.1.85.3 is CURRENT but I hope this is updated shortly.

It finds the "Microsoft Office 2010" plugin, but does not know what it is.

dotBATman

Nov 5th 2010
1 decade ago

Very useful table.

Maybe another column titled "Update Available" stating "Yes", "ETA dd.Mmm.yy" or "No" would make the table easier to read / script.. :)

I wish we could all agree on one location and format for this table, for all operating systems and applications. That way software authors and users would only need to update / check once.. Utopia!

dotBATman

Nov 5th 2010
1 decade ago

Latest Flash Player version is 10.1.103.19

Juanma Merino

Nov 5th 2010
1 decade ago

@Juanma
Flash Player version 10.1.102.64 reads as version 10.1 (r102) - at least for the Windows version of Flash Player.

Ottmar Freudenberger

Nov 5th 2010
1 decade ago

For those scripting these things there is an updated Flash Uninstaller;
uninstall_flash_player.exe (228 KB) (updated 04.Nov.2010).
http://kb2.adobe.com/cps/141/tn_14157.html?promoid=DTEGO

dotBATman

Nov 5th 2010
1 decade ago

@Juanma - I am abit worried that you are referring to a version I can't see on Adobe's pages. No offense, but I'm afraid I have to give advice to ISC readers that you should NOT run to Google to search for the 10.1.103.19 version.. ;-)

I'd trust http://www.adobe.com/software/flash/about/

dotBATman

Nov 5th 2010
1 decade ago

Why does Adobe make it next to impossible to simply download the updated version without installing?

eddie

Nov 5th 2010
1 decade ago

Login here to join the discussion.


Top of page
Diary Archives