Adobe Download Manager Installing Software Without Consent
Slashdot is running an article about a problem in the Adobe Download Manager (ADM) found by researcher Aviv Raff. The net effect of the problem is that a user can be tricked into downloading and installing software without actual consent.
According to a related article on PCMAG.COM, Raff lists the following software as downloadable and installable for users who have ADM installed, merely by following a link to Adobe's site: Adobe Flash 10, Adobe Reader 9.3, Adobe Reader 8.2, Google Toolbar 6.3, McAfee Security Scan Plus and a half dozen more.
The ADM FAQ explains that ADM is installed when needed and removed when the system reboots. However, this ignores the fact that Adobe downloads don't typically require a reboot, and users might go a long time between reboots.
Raff also announced that he had found a remote code execution bug in ADM, increasing the danger of remote compromise by an order of magnitude or two.
See more at Security Watch.