Yet ANOTHER Adobe Zero-Day

I haven’t been able to keep up with the most recent Adobe threats, as there have been so many in the last month or two.  Here is the latest Flash vulnerability that now has exploit code in the wild AND apparently, a MetaSploit module to keep the script kiddies busy and happy.

Multiple vulnerabilities have also been recently identified in Shockwave Player, which could allow malicious code to run on the affected system by exploiting memory corruption and buffer overflow conditions.  Some of these vulnerabilities are rated critical by the vendor.  Exploit details were posted for CVE-2010-3653 and functioning exploit code is available in tools such as Metasploit.

I’m thinking it is time once again to get completely rid of Adobe products from my systems.  Shockwave and Flash are cool for web-based eye candy, but when they start introducing this kind of risk, their value is certainly in question.  Reader and Acrobat have already been replaced on my systems.  I hope Adobe can clean up their act, as they are now acquiring other companies and products…