Adobe Patches Multiple Bugs in PDF

A week after admitting a serious flaw in its well-known Acrobat and Reader software, Adobe patched multiple bugs to prevent attackers from loading malicious code onto trusted PDF documents to take control of PCs.

In an advisory, Adobe said the flaws affected Adobe Reader and Adobe Acrobat Standard, Elements and Professional versions 7.0.8 and earlier, as well as Adobe Acrobat 3D. Secunia rated the Reader vulnerability as "highly critical".

On January 9, 2007, Adobe issued the version 7.0.9 updates, which close the security gaps so that outsiders cannot exploit them to access hard disk drives. Attackers achieve this by planting malicious links in PDF files running on exposed computers.

In a posting on its website, Adobe urges users of Adobe Reader to update to the latest version, Reader 8. Users of Adobe 7 who wish to keep their current version can follow the instructions given in the bulletin. Adobe also outlined recommendations for servers that host the Adobe website and for operators of the site.

The updates came after two Italian security researchers discussed a vulnerability in the Open Parameters feature of Adobe Reader. The flaw could enable remote attackers to inject arbitrary JavaScript into a browser. Concerns grew after the discovery because the flaw was easy to exploit in attacks that use PDF files hosted on a website.

Version 7.0.9 also fixes a previously unknown hole that researcher Piotr Bania, working independently, has disclosed. Attackers can exploit this vulnerability through PDF files to inject and run malware in the Windows and Linux versions of Reader 7.0.8 and earlier.

Bania has not, however, demonstrated the exploit because he thinks the flaw is too severe and would have undesirable effects.

The 7.0.9 updates of Acrobat and Reader for Windows, Linux, and Mac OS X are available for download on the Adobe Web site. Users of Mac OS X who want to upgrade from 7.0.8 can use a separate patch without needing to download and install the entire applications.

Adobe Acrobat and Adobe Reader 6.x, which are vulnerable to the cross-site scripting flaw, will soon have updates, a company spokesman said.

Related article: Adobe Rates Acrobat Vulnerabilities “Critical”

» SPAMfighter News - 16-01-2007

 
