
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Adobe plugs critical hole in Download Manager

By | February 23, 2010, 1:12pm PST

Summary: The vulnerability, discovered by Aviv Raff, could potentially allow an attacker to download and install unauthorized software onto a user’s system.

Adobe today shipped a patch for a critical vulnerability in its Download Manager utility, warning that hackers could exploit the issue to take full control of Windows computers.

The vulnerability, discovered by Aviv Raff, could potentially allow an attacker to download and install unauthorized software onto a user’s system, Adobe said in an advisory.


The vulnerability affects Adobe Download Manager on Windows (prior to February 23, 2010).

The Adobe Download Manager, which is used to push security patches to Windows computers, is intended for one-time use and is designed to remove itself from the computer after use at the next computer restart.

However, Adobe is recommending that users verify that a potentially vulnerable version of the Adobe Download Manager is no longer installed on their machine.

Here are the instructions from Adobe’s security advisory:

  • Ensure that the C:\Program Files\NOS\ folder and its contents (“NOS files”) are not present on your system. (If the folder is present, follow the steps below to remove).
  • Click “Start” > “Run” and type “services.msc”. Ensure that “getPlus(R) Helper” is not present in the list of services.

If the NOS files are found, the Adobe Download Manager issue can be mitigated by:

  • Navigating to Start > Control Panel > Add or Remove Programs > Adobe Download Manager, and selecting Remove to remove the Adobe Download Manager from your system.

OR

  • Clicking “Start” > “Run” and typing “services.msc”. Then deleting “getPlus(R) Helper” from the list of services.
  • Then delete the C:\Program Files\NOS\ folder and its contents.
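
The two checks in Adobe's instructions can be scripted for machines that need to be audited in bulk. The PowerShell below is an added example, not code from Adobe or from the original article, and it only reports what it finds; the `Program Files (x86)` location and the short service name `getPlusHelper` are assumptions taken from reader comments on this page rather than from the advisory.

```powershell
# Added example: read-only audit for Adobe Download Manager remnants.
# From the advisory: the "NOS" folder under Program Files and the service
# display name "getPlus(R) Helper".
# Assumptions (reader comments only): the "Program Files (x86)" location on
# 64-bit Windows and the short service name "getPlusHelper".

function Test-AdobeDownloadManager {
    $findings = @()

    # Check the native Program Files folder and, on 64-bit Windows, the 32-bit one.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique

    foreach ($root in $roots) {
        $nos = Join-Path $root 'NOS'
        if (Test-Path -LiteralPath $nos) {
            # Count files so an empty leftover folder is distinguishable
            # from a folder that still holds the NOS files.
            $files = @(Get-ChildItem -LiteralPath $nos -Recurse -Force -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer })
            $findings += [pscustomobject]@{
                Type = 'Folder'; Item = $nos; Detail = "$($files.Count) file(s)"
            }
        }
    }

    # services.msc lists display names; sc.exe uses the short name. Match either.
    $services = Get-Service -ErrorAction SilentlyContinue | Where-Object {
        $_.DisplayName -eq 'getPlus(R) Helper' -or $_.Name -eq 'getPlusHelper'
    }
    foreach ($s in $services) {
        $findings += [pscustomobject]@{
            Type = 'Service'; Item = $s.Name; Detail = "$($s.DisplayName) [$($s.Status)]"
        }
    }

    return $findings
}

$result = @(Test-AdobeDownloadManager)
if ($result.Count -eq 0) {
    'No Adobe Download Manager folder or getPlus(R) Helper service found.'
} else {
    'Adobe Download Manager remnants found; follow the removal steps above:'
    $result | Format-Table -AutoSize
}
```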


Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

45
Comments

Adobe should shut shop
sj2@... 23rd Feb 2010
High time Adobe took a hiatus from doing business and fixed all its bugs. With around 4-5 Windows/Mac desktops/laptops at my home, I am sick and tired of patching Adobe products on an almost daily basis. Adobe, please die!!
0 Votes
+ -
Amen.
AzuMao 23rd Feb 2010
You seem confused. You want Adobe to

(1) Stop selling software and concentrate on writing it.

(2) Die.

Let's go back to (1). Friend... they are writing software right now. They have people who do nothing but that all day. (And go to meetings, but that's the cost of doing business in a post-Dilbert economy.) And their sales people are not programmers and their programmers are not salespeople. They wouldn't be good at it.

Also... if they weren't writing new software, they'd have nothing to sell.
0 Votes
+ -
It's easy at home...
rag@... 24th Feb 2010
Try keeping up with 1,200+ computers on a college campus.
0 Votes
+ -
You just proved his point
Wintel_BSOD 24th Feb 2010
Adobe should shut up shop and die.
0 Votes
+ -
By that same metric...
Rick_K 25th Feb 2010
Microsoft, Apple, Google, Mozilla, etc. should all do the same. None of
these companies put out a perfect product, so they should all just
shutter their respective shops and die. Hell we should all just disconnect
the internet while we're at it. My suggestion is that everyone using a
computer go outside their house (apartment, and in the case of the
extreme windows zealots, their Mom's basement), and cut the cable,
wire, etc.
0 Votes
+ -
whaaaaa....whaaaaa
Wintel_BSOD 25th Feb 2010
mommieeeeee......mommieeeeee.....whaaaa.....


lol... grin
Or... they should die and shut up shop. Probably they had left reviving back doors or re incarnation services...
0 Votes
+ -
Adobe said: "Clicking “Start” > “Run” and typing “services.msc”. Then deleting “getPlus(R) Helper” from the list of services."

Is this a new way to delete a Windows service ? lol
0 Votes
+ -
Re: New way to delete Windows service
wizard57m@... 23rd Feb 2010
We can "assume" Adobe thinks so...that's why the darned download helper isn't deleted in the first place!
Which begs the next question..."Adobe, does this really patch a security flaw? What other 'updates' are handled in similar fashion?"
Could explain a lot of issues with Adobe of late.
{;-)
0 Votes
+ -
You can disable them in services.msc
Wintel_BSOD 24th Feb 2010
Adobe, on the other hand, seems so unfamiliar with Windoze that they confused "delete" with "disable".

You'd actually have to go into the Registry and delete the entries for Adobe Updater if you want to keep it from appearing in services.msc
0 Votes
+ -
Maybe...
lehnerus2000 25th Feb 2010
Maybe they don't want you to delete it.

Maybe they want you to keep their "backdoor" available for future use.

lehnerus2000
0 Votes
+ -
No doubt
Wintel_BSOD 25th Feb 2010
But not on my machine.
0 Votes
+ -
When will xinye and the rest be blocked?
0 Votes
+ -
How do you delete the GetPlus service?
Smart_Neuron Updated - 24th Feb 2010
Hi Ryan,

How do you delete the GetPlus Service via the MMC?
Obviously, it cannot be deleted from there :0(

How can this be done from the Command Line?

Does Adobe have a patch for this?

TIA
0 Votes
+ -
I found the baddie on my system. Someone please advise how to manually delete GetPlus. Thanks!
0 Votes
+ -
I need the answer too
misceng 24th Feb 2010
There seems to be no way to delete GetPlus
0 Votes
+ -
Get Plus won't delete
ncstuart@... 24th Feb 2010
I have tried all of the hints in today's (02/24) ZDnet.com and although I can isolate GetPlus, there seems no way to delete it. Please help someone who is interested, but not a tech person.
Thanks much, Nancy
0 Votes
+ -
You could try a couple of things
Wintel_BSOD 24th Feb 2010
You could try Revo Uninstaller and see if it shows up in there.

Or jv16PowerTools which has an excellent uninstaller. I've deleted many a crapware using jv16PowerTools.
0 Votes
+ -
Here is how to delete the GetPlus Service.
Smart_Neuron Updated - 24th Feb 2010
Hi all:

Adobe should have mentioned how to do this and ZDNet should have caught that, instead of just copying and pasting Adobe's error.

I thought about it a bit and then realized that I had to use the SC command.

Here is a link that will help you get rid of this service and be done...

http://techie-buzz.com/how-to/delete-services-in-windows.html

This procedure should also apply to Windows 7.

If the SC command is *not* active on your computer, you can use the Autoruns program from Microsoft Sysinternals...

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Hope this helps!
0 Votes
+ -
Excellent idea
Wintel_BSOD 24th Feb 2010
Here is a link that will help you get rid of this service and be done...

http://techie-buzz.com/how-to/delete-services-in-windows.html


Just got rid of Google's stupid Updater using this. Thanks.
0 Votes
+ -
Thank you
ebhb2004@... 24th Feb 2010
Thank you for the fix
0 Votes
+ -
system restore, it could come back...
ronangel 24th Feb 2010
After you have carried out the removal instructions, turn off System Restore and then turn it on again; otherwise, if it is used, the program could come back again. This procedure should be used after clearing any virus or trojan from your system.
0 Votes
+ -
Without referring to other sources just do the following from a command prompt which you can get by typing in 'cmd' in the Run command

C:\>sc delete getPlusHelper

Note the space between sc and delete, and delete and getPlusHelper
I attempted to remove getPlusHelper using cmd
"c:\>sc delete getPlusHelper"

I received
"[SC] OpenService FAILED 5:

Access is denied."

I'm using Vista

Why?

Anything else I need to know or do to remove getPlusHelper.

I shall wait until Adobe changes its instructions to remove getPlusHelper.
0 Votes
+ -
Worked for me on XP
Wintel_BSOD 24th Feb 2010
But you're using POS Vista, so...

Are you temporarily logged in as admin?
0 Votes
+ -
Thanks but....
xadobeusr 25th Feb 2010
The sc command worked for me using XP home, but now I did a search in the registry and there are gobs of getPlusHelper entries. Are they bad?
0 Votes
+ -
Nah, leave 'em alone
Wintel_BSOD 25th Feb 2010
Those old registry entries won't make a difference. Just make sure getPlusHelper was deleted from services.msc

If you no longer see it in there, then that command line worked.
0 Votes
+ -
Maybe I missed something...
smtp4me@... 24th Feb 2010
The last time I downloaded something from Adobe - I didn't see an option to get the software WITHOUT using their download manager - maybe I missed something.

This brings up one of my pet peeves - companies that install additional, unnecessary software without giving the user the option to say no, and introducing a security risk with a vulnerable application. After my download finished, I immediately removed Adobe's download manager. Now I am relieved for having the good sense to uninstall their unwanted crap!

There are alternative PDF readers available, unfortunately I have not found shockwave and flash plug-ins from other vendors, otherwise I would never download an Adobe application again!
It is possible and is desirable (IMO) to download Adobe Reader without using the Download Manager. Here is how.

When you click the button to get Adobe Reader the next page tries to download the download manager but it has to ask your permission. On that page, titled Download Notes, you will see some text:

"Thank you. Your download will start automatically.
If it does not start, click here to download."

Do I need to say more except that the URL for the download of the full Adobe Reader is http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.3/enu/AdbeRdr930_en_US.exe . This url has the AR version number in it so it will change with future versions.
0 Votes
+ -
Addendum
Fred Cone 25th Feb 2010
Also, “getPlus(R) Helper” was removed.
0 Votes
+ -
An adobe house...
baboddonggae 24th Feb 2010
turns back into mud every time it rains. It rains a lot. At this point people should be looking for a more
reliable building material.
0 Votes
+ -
What about "C:\Program Files (x86)\NOS" in 64-bit Windows 7 and Vista systems?

The step:

* Navigating to Start > Control Panel > Add or Remove Programs > Adobe Download Manager, and selecting Remove ("Uninstall" on my system) to remove the Adobe Download Manager from your system.

did remove "C:\Program Files (x86)\NOS" from my Win7 64-bit system.
0 Votes
+ -
The next thing you know... There will be persistent "flash cookies", or Adobe apps that can use your web-cam or microphone without you specifically enabling them. Thank Heaven, Photoshop doesn't "phone home" almost every time you start it. Oh my gosh! these nightmares of inconsiderate snooping are already here.

At least Adobe has an Online "Opt-Out" privacy web page (that as near as I can tell does nothing).