Adobe confirmed the buffer overflow discovered in Download Manager

Dec 6, 2006 11:33 GMT

Adobe Download Manager is a small application that lets users download Adobe software with ease. All you need to do is install the program and then visit the official web page of the software you want (for example, Adobe Reader); when you press Install, the download manager launches and downloads and installs the application for you.

What's so useful about this application? Well, if you're using Internet Explorer without a download manager, your download can be interrupted and you'll be forced to start it from the beginning.

Today, Adobe confirmed that a new vulnerability was discovered in Adobe Download Manager, a flaw that allows an attacker to take control of the affected system.

"A critical vulnerability has been identified in Adobe Download Manager 2.1 and earlier versions that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. This issue is remotely exploitable. A malicious file must be loaded by the end user, via a web browser or e-mail client for instance, for an attacker to exploit this vulnerability," Adobe said.

Only versions 2.1 and earlier appear to be affected, and the company recommends uninstalling the software completely.

Security company Secunia rated the flaw "highly critical", saying that "the vulnerability is caused due to a boundary error when handling section names in the 'dm.ini' file as created by Adobe Download Manager when processing AOM files. This can be exploited to cause a stack-based buffer overflow via a specially crafted AOM or 'dm.ini' file. Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website".
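To make the defect class Secunia describes concrete, here is an added example (not Adobe's code, and not based on the actual Download Manager source, which is not public) of an INI section-header parser written the way such a routine should be: the length of the `[name]` is checked against the destination buffer before anything is copied, so an over-long name is rejected instead of overrunning the stack. The `MAX_SECTION_NAME` limit, the sample file contents and all function names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Largest section name this parser accepts. The real dm.ini limit is not
 * public; 64 is an assumed value chosen for the example. */
#define MAX_SECTION_NAME 64

enum section_status {
    SECTION_OK = 0,          /* name copied into out */
    SECTION_NOT_HEADER,      /* line is not of the form "[...]" */
    SECTION_UNTERMINATED,    /* no closing ']' */
    SECTION_TOO_LONG         /* name would not fit in out */
};

/* Parse one "[name]" line into out (capacity outsz, including the NUL).
 * The defect class in the advisory is the unbounded variant of this routine:
 * something like strcpy(buf, line + 1) into a fixed stack array, which lets
 * an over-long name overwrite whatever sits above the buffer on the stack.
 * Here the length is compared with the destination before the copy. */
enum section_status parse_section_header(const char *line, char *out, size_t outsz)
{
    if (line[0] != '[')
        return SECTION_NOT_HEADER;
    const char *close = strchr(line + 1, ']');
    if (close == NULL)
        return SECTION_UNTERMINATED;
    size_t len = (size_t)(close - (line + 1));
    if (len + 1 > outsz)          /* +1 for the terminating NUL */
        return SECTION_TOO_LONG;
    memcpy(out, line + 1, len);
    out[len] = '\0';
    return SECTION_OK;
}

/* Convenience wrapper: classify a single line using the parser's own limit. */
int header_status(const char *line)
{
    char name[MAX_SECTION_NAME];
    return (int)parse_section_header(line, name, sizeof name);
}

/* Walk an INI-style buffer line by line. Returns the number of well-formed
 * section headers, or -1 if any header (or any line) exceeds the limit: a
 * file that trips a bound is treated as untrusted and rejected as a whole
 * rather than partially processed. Non-header lines are ignored. */
int count_sections(const char *text)
{
    char line[512];
    char name[MAX_SECTION_NAME];
    int count = 0;
    const char *p = text;

    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof line)
            return -1;            /* over-long line: reject, do not truncate */
        memcpy(line, p, len);
        line[len] = '\0';

        switch (parse_section_header(line, name, sizeof name)) {
        case SECTION_OK:
            count++;
            break;
        case SECTION_TOO_LONG:
            return -1;
        default:
            break;                /* key=value lines, comments, bad headers */
        }
        p = nl ? nl + 1 : p + len;
    }
    return count;
}

/* Constructed sample inputs in the spirit of a dm.ini; not real Adobe files. */
static const char SAMPLE_OK[] =
    "[Download]\nurl=http://example.invalid/installer\n"
    "[Options]\nverbose=1\n";

/* Second header carries an 80-character name, well past MAX_SECTION_NAME. */
static const char SAMPLE_LONG[] =
    "[Download]\n"
    "[" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"
        "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "]\n";

int main(void)
{
    printf("sections in SAMPLE_OK:   %d\n", count_sections(SAMPLE_OK));
    printf("sections in SAMPLE_LONG: %d\n", count_sections(SAMPLE_LONG));
    return 0;
}
```

The design point is that the bound is enforced on the source length before the copy, and that a violation rejects the whole file: a parser that silently truncates a hostile section name stays memory-safe but may still act on attacker-shaped data later.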

If you want to know which version of the application you have installed, locate AdobeDownloadManager.exe, right-click it and choose Properties. The version of the application is shown there.