Adobe Security Flaw worse than initially thought?
A flaw discovered in Adobe Download Manager may have been underestimated in its severity. A researcher discovered that he could manipulate the ActiveX script and ultimately perform the remote installation of programs on a PC.
The flaw becomes evident when an update or installation of Adobe Reader or Flash is made on a PC using Internet Explorer.
As if this wasn't bad enough, Adobe is now being accused of downplaying the flaw. Aviv Raff said that instead of admitting that this design flaw is indeed a problem which can be abused by malicious attackers, Adobe decided to downplay this issue. He cited an example of a blogger contacting Adobe to inform them of the problem and received a reply that seemed to pay little more than lip-service to the issue.
Adobe is alleged to have claimed the flaw only permits the download of Adobe products but various sources now suggest it can be used for other application installations - and that would open the door to millions of PC's across the planet being vulnerable to attack.
At the time of writing, Adobe are said to now be working with the researcher and the components third party developer to try to resolve the issue.
Potential scope
The vast number of Adobe Download Manager instances on computers across the world makes this particular flaw one of potentially huge impact.
With every installation of Adobe Flash being vulnerable, we just hope that Adobe manage to resolve this one quickly before too many hackers decide to experiment with it.
