Remember how Adobe warned of "zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products" less than 4 months ago?

If not, then see this Backpage News item.

Well, it's happened again:

A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player.

As before, the file authplay.dll is at fault and, as before, the mitigation is to delete / rename it until a patch becomes available.

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.

See the Security Advisory for all the details: http://www.adobe.com/support/security/advisories/apsa10-05.html

.

Adobe Reader sucks. It is so slow and bloated.

I use Evince on Linux and SumatraPDF on Windows.

Just saw that Evince is available on Windows too, but haven't tried it there.

http://projects.gnome.org/evince/

Adobe Reader 9 is actually faster than some of the earlier versions. Yes -- really!

Not much information about the Windows package for Evince, but it's version 2.30.3, which is under 4 months old and is the last in the 2.30 series, before version 2.32 was released about a monthe ago for Ubuntu.

.