Adobe Fixes One Program, Discovers Bug In Another

'Adobe Systems', on December 5 2006, updated its free 'Reader application' to patch a "critical" flaw. With this, it warned users of its 'Download Manager' that hackers could compromise a 'Mac' or 'Windows' computer by exploiting a worm in that component.

'Adobe Reader 8.0' running on Windows remedied vulnerability in the 'AcroPDF ActiveX control' operated to view PDF documents within Microsoft's Internet Explorer. Adobe had informed earlier that there were possibilities of hacking PCs by exploiting Windows versions of 'Reader 7.0' through 'Reader 7.0.8'.

Adobe in a statement explained, IT managers wanting to manage the distribution of confidential data by applying advanced document control can depend on 'Adobe Reader 8' that offers viewer ship for the organization. This means 'Adobe Reader 8' allows exchange of 'trusted information' between business organizations, government agencies, constituents and consumers who view, print, search, digitally sign, and work with PDF files.
Adobe's Website offers free download of 'Adobe Reader 8', which is the final part in the 'Adobe 8 suite' released in November this year.

While Adobe was fixing one of its programs, a bug infected another. Adobe issued a warning to its users.

According to the 'vulnerability tracking' firm 'Secunia', the "highly critical" worm in versions 2.1 and previously of its 'Download Manager' is a result of a 'boundary error' when dealing with 'section names' in the "dm.ini" file as the application acts on AOM files. In an advisory, the company said that attackers could exploit the security flaw to allow a 'stack-based buffer overflow' that could execute an arbitrary code.

As per the company security bulletin released on December 5 2006, for a successful attack, users must load a malicious Adobe file when they visit a website, or via e-mail.

'Adobe Download Manager' is a unique independent application that refines the process of downloading files from Adobe. Customers, who have installed Adobe software on their PCs including 'Adobe Reader', may have installed 'Adobe Download Manager'.

Adobe recommends users to uninstall any affected software. The company has assured that software distributed from www.adobe.com is using 'Adobe Download Manager 2.2', which is unaffected by the flaw.

Related article: Adobe Rates Acrobat Vulnerabilities “Critical”

» SPAMfighter News - 12/11/2006