Adobe today shipped a patch for a critical vulnerability in its Download Manager utility, warning that hackers could exploit the issue to take full control of Windows computers.
The vulnerability, discovered by Aviv Raff, could potentially allow an attacker to download and install unauthorized software onto a user’s system, Adobe said in an advisory.
READ: Security Skeletons in Adobe’s Closet
The vulnerability affects Adobe Download Manager on Windows (prior to February 23, 2010).
The Adobe Download Manager, which is used to push security patches to Windows computers, is intended for one-time use and is designed to remove itself from the computer after
use at the next computer restart.
However, Adobe is recommending that users
verify that a potentially vulnerable version of the Adobe Download
Manager is no longer installed on their machine.
Here are the instructions from Adobe’s security advisory:
- Ensure that
the C:Program FilesNOS folder and its contents (“NOS files”) are not
present on your system. (If the folder is present, follow the steps
below to remove). - Click “Start” > “Run” and type “services.msc”. Ensure that “getPlus(R) Helper” is not present in the list of services.
If the NOS files are found, the Adobe Download Manager issue can be mitigated by:
- Navigating
to Start > Control Panel > Add or Remove Programs > Adobe
Download Manager, and selecting Remove to remove the Adobe Download
Manager from your system.
OR
- Clicking “Start” > “Run” and typing “services.msc”. Then deleting “getPlus(R) Helper” from the list of services.
- Then delete the C:Program FilesNOS folder and its contents.
