Adobe puts Acrobat flaw on the critical list
PDF peril
Posted in Enterprise Security, 7th December 2006 11:46 GMT
Free whitepaper – Solid State Drives and High-Speed Memory
Adobe users are being urged to upgrade their software after the firm reassessed the impact of a recently discovered vulnerability in Adobe Reader and Adobe Acrobat 7.
The flaw, first discovered last month, was initially thought capable only of crashing Adobe's software. Subsequent investigation revealed the flaw also creates a potential means for hackers to run hostile code in cases where Windows users running the affected software and IE (though not other browsers) visit maliciously constructed websites.
Although not the subject of active exploitation by hackers, the flaw is serious enough for Adobe to advise users to either upgrade to Adobe Reader 8 or replace a buggy library file (AcroPDF.dll) that's the source of the problem, as explained here.
In related news, Adobe also advised users to update its Download Manager software following the discovery of a buffer overflow flaw. The bug, if left untreated, allows hackers to compromise vulnerable systems providing they can trick potential marks into visiting maliciously constructed websites. More details on the bug can be found in Adobe's advisory here. ®
Free whitepaper – Ensuring service assurance in the new normal
The Register Guide to Extended Validation
The Evolving Security Landscape
The Impact of IT Security Attitudes
Risk and Resilience
Linux on the Desktop
