Security Advisory for Flash Player, Adobe Reader and Acrobat - Adobe Security Bulletin

A critical vulnerability exists in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. This advisory will be updated once a schedule has been determined for releasing a fix.

I see. Flash Player has a vulnerability, and since Adobe Reader 9 also bundles Adobe Flash Player 10.0.45 as C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll,

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.


The Flash Player 10.1 Release Candidate available at does not appear to be vulnerable.

For now, I'm uninstalling Flash Player with uninstall_flash_player.exe.
How to uninstall Flash Player (Windows) - Adobe TechNote
Notes on Flash Player 10.1 RC to be added later.
Update: Release Candidate 7, Date Jun 2, 2010
From "Download plug-in for Windows (EXE, 2.4 MB)": flashplayer10_1_rc7_plugin_060210.exe, file version
From "Download active-x for Windows - Internet Explorer only (EXE, 2.5 MB)": flashplayer10_1_rc7_activex_060210.exe, file version
I downloaded and ran these to try installing Adobe Flash Player 10.1 RC7.

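I'll also download the uninstaller, flashplayer10_1_rc7_uninstall_win_060210.exe, and keep a copy.
R2165 kindly told me about a problem with Flash Player 10.1 RC. Thank you. m(_ _)m
Even having been warned, it is still startling when it crashes Firefox. On a PC with Flash Player 10.1 RC installed, it may be better not to browse around carelessly in a browser that still has JavaScript enabled (Flash enabled).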

6/7: Japanese-language information added
Security information for Adobe Reader, Acrobat and Flash Player - Adobe TechNote

6/8 update
JVNVU#486225 Vulnerability in the Adobe Flash ActionScript AVM2 newfunction instruction
Vulnerability Note VU#486225 Adobe Flash ActionScript AVM2 newfunction vulnerability - US-CERT

Disable Flash and 3D & Multimedia support in Adobe Reader 9

Flash and 3D & Multimedia support are implemented as plugin libraries in Adobe Reader. Disabling Flash in Adobe Reader will only mitigate attacks using a SWF embedded in a PDF file. Disabling 3D & Multimedia support does not directly address the vulnerability, but it does provide additional mitigation and results in a more user-friendly error message instead of a crash.

To disable Flash and 3D & Multimedia support in Adobe Reader 9 on Microsoft Windows, delete or rename these files:

"%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll"
"%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll"

Huh? So rt3d.dll has to be deleted or renamed too!
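
The rename step from the US-CERT note above, as an added PowerShell example (not code from Adobe, US-CERT or this post). The `-Apply` switch, the `.disabled` suffix and the extra look under `ProgramFiles(x86)` for 64-bit Windows are assumptions of this example; the file names and the `Adobe\Reader 9.0\Reader` folder are the ones quoted above.

```powershell
# Added example: audit and optionally disable the two Reader 9 plugin libraries.
# Save as a .ps1 file and run from an elevated prompt.
# Nothing is renamed unless -Apply is given (assumed switch name).
param([switch]$Apply)

# File names and sub-folder as quoted in the advisory text above.
$plugins = 'authplay.dll', 'rt3d.dll'
$subPath = 'Adobe\Reader 9.0\Reader'

# Assumption: on 64-bit Windows the 32-bit Reader sits under ProgramFiles(x86).
# From a 32-bit shell both variables hold the same path, hence -Unique.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

$results = foreach ($root in $roots) {
    foreach ($name in $plugins) {
        $path = Join-Path (Join-Path $root $subPath) $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

        $item  = Get-Item -LiteralPath $path
        $state = 'present (Reader can still load it)'
        if ($Apply) {
            # Rename instead of delete so the file can be restored after a fix ships.
            $newName = "$name.disabled"   # hypothetical suffix
            try {
                Rename-Item -LiteralPath $path -NewName $newName -ErrorAction Stop
                $state = "renamed to $newName"
            } catch {
                # Typical causes: not elevated, Reader running, or the target name exists.
                $state = "rename failed: $($_.Exception.Message)"
            }
        }
        [pscustomobject]@{
            Path        = $path
            FileVersion = $item.VersionInfo.FileVersion
            State       = $state
        }
    }
}

if ($results) { $results | Format-Table -AutoSize -Wrap }
else { Write-Output 'No authplay.dll or rt3d.dll found under Reader 9.0; nothing to do.' }
```

Run it once without `-Apply` to see which copies are present and their file versions; running it again later shows whether either file has reappeared.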