___Status update: Adobe vulnerabilities - exploits-in-the-wild
Last updated: June 8, 2010 - "... We are in the process of finalizing a fix for the issue, and expect to provide an update for Flash Player 10.x for Windows, Macintosh, and Linux by June 10, 2010
. The patch date for Flash Player 10.x for Solaris is still to be determined.
We expect to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29, 2010
Title: Adobe Flash, Reader, and Acrobat 0day authplay Vulnerability
Severity: Extreme Severity
June 09, 2010 - "Analysis: This is an active, critical issue being exploited in the wild. We have multiple sources of these attacks with minimal AV detection. We encourage sites to investigate remediation steps immediately to address this.
June 8, 2010 - "... spam run pushing a PDF exploit... screenshot of the PDF attachment..."
Adobe 0-day used in targeted attacks
9 Jun 2010
Date Last Updated: 2010-06-09
Last revised: 06/09/2010
CVSS v2 Base Score: 9.3 (HIGH)
Mitigations for Adobe vulnerability: CVE-2010-1297
June 8, 2010 - "...
1. Renaming authplay.dll
: Our testing shows that this workaround, at least for this sample, works successfully (as claimed by Adobe). Acrobat will work normally on regular PDFs, but on exploited files (and potentially others with embedded SWF files), it will crash, but the exploit will fail.
3. Alternative PDF reader
: The exploit depends upon embedded SWF content, so PDF readers which ignore this ought to be safe..."