Adobe released on Wednesday (24/2) a fix for a critical vulnerability in Download Manager, the Windows utility used to download the company's two most popular products, Adobe Reader and Flash Player.
The flaw "potentially allows attackers to download and install unauthorized software on the user's system," Adobe acknowledged in a security bulletin.
Israeli security researcher Aviv Raff disclosed the vulnerability last week, when he said that attackers could use the Download Manager to install any executable file, including attack code.
"If you go to the Adobe website to install a security update for Flash, you will be exposed to a zero-day attack," said Raff.
The Download Manager is not the update mechanism for Reader and Flash Player - that is Adobe Updater - but the utility that manages the transfer of files from Adobe's website.
Among other things, the manager resumes interrupted downloads and queues up multiple files for download. The utility is not an Adobe product, but a modified version of getPlus+, licensed from NOS Microsystems.
Even though the Download Manager is removed from Windows when the system is restarted, Raff said it still represents a danger because many machines stay switched on for days and weeks before being turned off.
"Adobe recommends users verify that the vulnerable version of Adobe Download Manager is not installed on their machines," the company said in the bulletin.
The steps Adobe recommends include searching the hard drive for a folder "C:\Program Files\NOS\" or entering "services.msc" at a Windows command line, then deleting "Helper getPlus" from the list.
Users do not need to touch Reader or Flash Player, Adobe said, as the vulnerability does not affect those programs.
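The two checks Adobe describes, written as a PowerShell function an administrator can run on each machine (an added example, not code from Adobe or from the original article). The `Program Files (x86)` location and the `*getPlus*` wildcard are assumptions; the article names only the "C:\Program Files\NOS\" folder and the "Helper getPlus" entry in the services list.

```powershell
# Added example: report whether the Download Manager leftovers named in the
# bulletin are present on this host. It only reports; it removes nothing.
function Get-DownloadManagerRemnant {
    [CmdletBinding()]
    param()

    # Program Files roots. The (x86) root is an assumption for 64-bit Windows
    # and is empty on 32-bit systems, so empty values are dropped.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } |
        Select-Object -Unique

    # Check 1: the NOS folder the bulletin tells users to look for.
    $folders = foreach ($root in $roots) {
        $path = Join-Path -Path $root -ChildPath 'NOS'
        if (Test-Path -LiteralPath $path -PathType Container) { $path }
    }

    # Check 2: the same list services.msc shows. The wildcard is an assumption,
    # matched against both the internal name and the display name.
    $services = Get-Service | Where-Object {
        $_.Name -like '*getPlus*' -or $_.DisplayName -like '*getPlus*'
    }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        NosFolders           = @($folders)
        GetPlusServices      = @($services | ForEach-Object {
            '{0} ({1}), status {2}' -f $_.DisplayName, $_.Name, $_.Status
        })
        DownloadManagerFound = [bool]($folders -or $services)
    }
}

# Show the result for the local machine.
Get-DownloadManagerRemnant | Format-List
```

A host reporting `DownloadManagerFound : True` still has the utility installed and should get the fix or have the utility removed as the bulletin describes.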