Severity: 2/4
 Consequences: user access/rights
 Provenance: internet server
 Means of attack: no proof of concept, no attack
 Ability of attacker: expert (4/4)
 Confidence: confirmed by the editor (5/5)
 Diffusion of the vulnerable configuration: high (3/3)
 Creation date: 24/02/2010

IMPACTED PRODUCTS

 Adobe Acrobat/Reader
 Adobe Flash Player

DESCRIPTION OF THE VULNERABILITY

The Adobe Download Manager product is installed during updates of Adobe Flash or Adobe Reader. This product is uninstalled during the next system reboot.

However, as long as the user did not reboot his system, an attacker can use Adobe Download Manager (NOS Microsystems getPlus Downloader ActiveX) to force the installation of an Adobe product on victim’s computer.

The Adobe Download Manager product can therefore be used to install an unwanted software.

CHARACTERISTICS

 Identifiers: APSB10-08, CVE-2010-0189, VIGILANCE-VUL-9474
 Url: http://vigilance.fr/vulnerability/A...