Vulnerabilities does not spare acrobat too
Three vulnerabilities pose a risk to users of version 6.0.0 to 6.0.2 of Adobe’s products. First, there’s a vulnerability in the handling of Flash files embedded in PDF documents that can be exploited to read files on user’s systems. Adobe has also acknowledged multiple flaws in a software library called ‘libpng’. Lastly a format string error in an eBook plug-in creates a risk when parsing .etd files that could be exploited to execute arbitrary code. Security firm Secunia describes the flaws as highly critical. Adobe said that an exploit for the flaws is yet to be released. Users are advised to upgrade to the 6.0.3 version of Reader or Acrobat to defend against the flaws.
Critical vulnerabilities have been identified in Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. This issue only affects customers on Windows XP or Windows 2003 with Internet Explorer 7 installed. A malicious file must be loaded in Adobe Reader or Acrobat by the end user for an attacker to exploit these vulnerabilities. It is recommended that affected users update to Adobe Reader 8.1.1 or Acrobat 8.1.1. This is an update to resolve the issue previously reported in Security Advisory APSA07-04.
Solutions
Adobe strongly recommends upgrading to Adobe Reader 8.1.1 or Acrobat 8.1.1. Users can utilize the product’s automatic update facility. The default installation configuration runs automatic updates on a regular schedule, and can be manually activated by choosing Help > Check For Updates Now.
Alternatively, the Adobe Reader 8.1.1 update files can be manually downloaded and installed from:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
The Acrobat 8.1.1 update files can be downloaded and installed from:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
Adobe will be providing an update to Adobe Reader 7.0.9 and Acrobat 7.0.9 at a later date. For customers who can not upgrade to Adobe Reader 8.1.1 or Acrobat 8.1.1, Microsoft has provided an update to resolve this issue. Please refer to Microsoft Security Bulletin MS07-061 for more information.
