Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Detecting the Recent Adobe 0-Day (APSA10-01) with Nessus

On June 4, 2010, Adobe announced a new attack being exploited in the wild that targeted Adobe products, and word spread quickly. Adobe’s security bulletin (APSA10-01) provided few details, but confirmed that attackers were actively exploiting a vulnerability that affected their Flash Player, Adobe Reader and Acrobat. The advisory provided some immediate mitigation techniques such as upgrading Flash Player to 10.1 RC or removing access to authplay.dll for Reader or Acrobat. These mitigations may not be practical for many environments due to upgrade policies or the fact that without authplay.dll, Reader and Acrobat will crash if loading a PDF that contains SWF content.

Tenable has already released two plugins that use a credentialed check on Windows systems to determine the version of Acrobat (Plugin 46851) or Reader (Plugin 46852) installed on a system, check for the presence of authplay.dll in the installation directory and warn if a vulnerable combination is detected for this issue. These plugins complement the older version detection plugins for Acrobat (Plugin 40797) or Reader (Plugin 20836) that can always be used to compare installed software to vulnerable versions listed in Adobe advisories, until more accurate detection plugins can be created.

On June 10, Tenable released plugins to detect the APSB10-14 upgrade for Adobe Air (Plugin 46858) and Flash (Plugin 46859). The Adobe upgrades for these two products fix the 0-day vulnerability in two of the four vulnerable products. Per the advisory, Adobe does not have an upgrade for Acrobat or Reader, but expects to by June 29. When Adobe makes the upgrades available, Tenable will update existing plugins or create new ones as required to verify a system is not vulnerable.

APSA10-01 “0-day” at a Glance:

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.