Security expert and researcher Aviv Raff has discovered a serious security vulnerability in Adobe’s Download Manager, which is capable of being exploited by hackers wanting to install and execute malicious content on the PC of a user.
The Adobe Download Manager is used to install updates for the Reader and Flash software using Internet Explorer web browser and the vulnerability poses a serious threat to the PCs of the millions of users that use Adobe’s popular applications.
According the blog post made by the security researcher, the attack exploiting the vulnerability can be mounted with a combination of a defect in Adobe’s website and the bug in the download manager.
Mr. Raff was able to successfully exploit the vulnerability, install and execute his own version of Windows Calculator while giving a demonstration to The Register.
Commenting upon the critical vulnerability discovered by the researcher, Adobe spokeswoman Wiebke Lips said in an emailed statement to the Register that “Adobe is aware of the recently posted report of a remote code execution vulnerability in the Adobe Download Manager. We are working with the researcher, Aviv Raff to investigate and resolve the issue as quickly as possible.”
The security patch for the vulnerability is expected soon and will be posted on Adobe’s PSRIT blog.