Friday, December 08, 2006

Adobe Download Manager 2.1 and earlier should be removed

A critical vulnerability has been identified in Adobe Download Manager 2.1 and earlier. Adobe is recommending that users uninstall these versions of Adobe Download Manager.

Note: Adobe Download Manager is a stand-alone application that improves the process of downloading files from Adobe. Customers who have downloaded software from Adobe, including Adobe Reader, may have Adobe Download Manager installed.

To verify if a vulnerable version of Adobe Download Manager is installed, and to uninstall Adobe Download Manager if necessary, please follow these steps.

Note: These steps are written for College of Ag Sciences Enterprise computers with Windows XP Service Pack 2.

1. Open My Computer. Open Local Disk (C:). Open the Program Files folder.
2. Open the Common Files folder. Open the Adobe folder.

Note: If you don't see an ESD folder, you don't have Adobe Download Manager installed. Stop here.

3. If you see an ESD folder, open the ESD folder.
4. Right-click on the AdobeDownloadManager.exe file and select Properties.
5. Click on the Version tab.
6. If the version is 2.1.x or higher, your version is not affected. Click OK. Close all windows. If the version 2.1.x or lower, you need to uninstall Adobe Download Manager. Click OK. Close all windows.
7. Download the Adobe uninstaller and save it to your Desktop.
8. Double click on the DLMUninst_001.exe file to remove the Adobe Download Manager.
9. Click OK.
10. You can now delete the DLMUninst_001.exe file.

Update available for potential vulnerabilities in Adobe Reader and Adobe Acrobat 7

Critical vulnerabilities have been identified in Adobe Reader 7.0 through 7.0.8 that could allow an attacker to take control of your machine. Adobe is recommending that users update to Adobe Reader 8. For complete steps please see our How To Install and Configure Adobe Reader for Windows.

If you have installed the FULL version of Adobe Acrobat 7 (software that allows you to create PDF documents), Adobe has workaround steps to update the AcroPDF.dll on your machine. This will allow you to keep Adobe Acrobat 7 Professional on your machine and be safe as well. Follow Steps 1 - 5 from the Solution section of this Adobe Security bulletin.

Again, folks who just have Adobe READER installed, should upgrade to Adobe Reader 8.