Vulnerabilities does not spare acrobat too

March 23, 2008
By Computer security

Three vulnerabilities pose a risk to users of version 6.0.0 to 6.0.2 of Adobe’s products. First, there’s a vulnerability in the handling of Flash files embedded in PDF documents that can be exploited to read files on user’s systems. Adobe has also acknowledged multiple flaws in a software library called ‘libpng’. Lastly a format string error in an eBook plug-in creates a risk when parsing .etd files that could be exploited to execute arbitrary code. Security firm Secunia describes the flaws as highly critical. Adobe said that an exploit for the flaws is yet to be released. Users are advised to upgrade to the 6.0.3 version of Reader or Acrobat to defend against the flaws.

Critical vulnerabilities have been identified in Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. This issue only affects customers on Windows XP or Windows 2003 with Internet Explorer 7 installed. A malicious file must be loaded in Adobe Reader or Acrobat by the end user for an attacker to exploit these vulnerabilities. It is recommended that affected users update to Adobe Reader 8.1.1 or Acrobat 8.1.1. This is an update to resolve the issue previously reported in Security Advisory APSA07-04.

Solutions

Adobe strongly recommends upgrading to Adobe Reader 8.1.1 or Acrobat 8.1.1. Users can utilize the product’s automatic update facility. The default installation configuration runs automatic updates on a regular schedule, and can be manually activated by choosing Help > Check For Updates Now.

Alternatively, the Adobe Reader 8.1.1 update files can be manually downloaded and installed from:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
The Acrobat 8.1.1 update files can be downloaded and installed from:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

Adobe will be providing an update to Adobe Reader 7.0.9 and Acrobat 7.0.9 at a later date. For customers who can not upgrade to Adobe Reader 8.1.1 or Acrobat 8.1.1, Microsoft has provided an update to resolve this issue. Please refer to Microsoft Security Bulletin MS07-061 for more information.

Tags: , , ,

Leave a Reply

follow twitter

 

March 2010
M T W T F S S
« Feb    
1234567
891011121314
15161718192021
22232425262728
293031