A critical vulnerability has been identified in the Adobe Download Manager. This vulnerability (CVE-2010-0189) could potentially allow an attacker to download and install unauthorized software onto a user’s system.
The Adobe Download Manager is intended for one-time use. The Adobe Download Manager is designed to remove itself from the computer after use at the next computer restart.
However, Adobe recommends users verify that a potentially vulnerable version of the Adobe Download Manager is no longer installed on their machine using the instructions below.
Users, who have downloaded Adobe Reader for Windows or Adobe Flash Player for Windows from prior to the release of this Security Bulletin on February 23, 2010, can verify they are not vulnerable to this Adobe Download Manager issue by following the instructions below:
- Ensure that the C:Program FilesNOS folder and its contents (“NOS files”) are not present on your system. (If the folder is present, follow the steps below to remove).
- Click “Start” > “Run” and type “services.msc”. Ensure that “getPlus(R) Helper” is not present in the list of services.
If the NOS files are found, the Adobe Download Manager issue can be mitigated by:
- Navigating to Start > Control Panel > Add or Remove Programs > Adobe Download Manager, and selecting Remove to remove the Adobe Download Manager from your system.
- Clicking “Start” > “Run” and typing “services.msc”. Then deleting “getPlus(R) Helper” from the list of services.
- Then delete the C:Program FilesNOS folder and its contents.