A critical zero-day vulnerability in Adobe Reader, Acrobat and Flash Player is currently being actively exploited by cybercriminals.The flaw, which could cause a crash or allow an attacker to take control of an affected system, is present in the latest version of Adobe Flash Player (10.0.45.2) and earlier for Windows, Macintosh, Linux and Solaris operating systems.
Note:The bug also affects the authplay.dll component of Adobe Reader and Acrobat 9 for Windows, Macintosh and UNIX operating systems.
The flaw currently remains unpatched with no schedule for a fix. It was rated “extremely critical” or a 5 out of 5 by Danish vulnerability tracking firm Secunia. Adobe has provided a workaround for affected versions of Adobe Reader and Acrobat. Users can mitigate the threat by deleting or renaming the authplay.dll file in Adobe Reader and Acrobat, Adobe said. Doing so could, however, cause an error message or non-exploitable crash when opening certain PDF files.
Path for finding the file:C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
In addition, a prerelease version of Flash Player 10.1, which is currently available, does not appear to be affected by the vulnerability,you can have free download.
