Adobe plugs critical hole in Download Manager
The vulnerability, discovered by Aviv Raff, could potentially allow an attacker to download and install unauthorized software onto a user's system, Adobe said in an advisory.
[ SEE: Skeletons in Adobe's security closet ]
The vulnerability affects Adobe Download Manager on Windows (prior to February 23, 2010).
The Adobe Download Manager, which is used to push security patches to Windows computers, is intended for one-time use and is designed to remove itself from the computer after use at the next computer restart.
However, Adobe is recommending that users verify that a potentially vulnerable version of the Adobe Download Manager is no longer installed on their machine.
Here are the instructions from Adobe's security advisory:
- Ensure that the C:\Program Files\NOS\ folder and its contents ("NOS files") are not present on your system. (If the folder is present, follow the steps below to remove).
- Click "Start" > "Run" and type "services.msc". Ensure that "getPlus(R) Helper" is not present in the list of services.
If the NOS files are found, the Adobe Download Manager issue can be mitigated by:
- Navigating to Start > Control Panel > Add or Remove Programs > Adobe Download Manager, and selecting Remove to remove the Adobe Download Manager from your system.
OR
- Clicking "Start" > "Run" and typing "services.msc". Then deleting "getPlus(R) Helper" from the list of services.
- Then delete the C:\Program Files\NOS\ folder and its contents.