Translate To:


[code via DI]

Flash Updates

Subscribe By MailE-Mail Address:

Making Of

MP3

Tips Tricks Hacks

Google Tips

Firefox & IE Tweaks

Vulnerabilities Found

A Note About

Reviewed

Vulnerability In Versions 7.08 And Earlier Of Adobe Reader And Acrobat

This Article Is Sponored By You! | Wednesday, February 21, 2007 by Salman Siddiqui | Comments
I am now blogging on my self hosted blog CompuWorld and started another blog of mine the Senorita


A vulnerability has been reported in Adobe Reader. It is caused due to an unspecified error when processing pdf files.

Related Software Versions
Adobe Reader 7.0.8 and earlier versions
Adobe Acrobat Standard, Professional and Elements 7.0.8 and earlier versions
Adobe Acrobat 3D

Description
A cross-site scripting (XSS) vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat could allow remote attackers to inject arbitrary JavaScript into a browser session.The vulnerability could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. These vulnerabilities have been assigned a critical severity rating. A malicious file must be loaded in Adobe Reader by the end user for an attacker to exploit these vulnerabilities.

Workaround Available [via Adobe Security Advisories]

Adobe Reader on Windows
Adobe strongly recommends upgrading to Adobe Reader 8, available from the following site:
http://www.adobe.com/go/getreader.

Users with Adobe Reader 7.0 through 7.0.8, who cannot upgrade to Reader 8, should upgrade to Reader 7.0.9. Adobe Reader 7.0.9 is available as a full installation package and not a patch. It can be installed on top of any older version of Reader 7 and user preferences will be preserved:
http://www.adobe.com/go/getreader.

If customers are using Adobe Reader 6.0–6.0.5 and are unable to upgrade to version 8 or 7.0.9 due to Operating System constraints for example, Adobe recommends upgrading to version 6.0.6 either via a series of patches from: http://www.adobe.com/downloads or by using the auto-update mechanism within the product when prompted.

Adobe Reader on Mac OS
Adobe strongly recommends upgrading to Adobe Reader 8, available from the following site: http://www.adobe.com/go/getreader.

Users with Adobe Reader 7.0 through 7.0.8, who cannot upgrade to Reader 8, should upgrade to Reader 7.0.9. The Reader 7.0.9 update requires that Adobe Reader 7.0.8 is installed on your Mac system. To determine which version of Adobe Reader is installed, choose Adobe Reader > About Adobe Reader. The version number appears in the upper left corner below the Adobe Reader logo.

If version 7.0.8 is installed, download and install this incremental patch.
After downloading the update file, double-click it to begin the update process and access the file's contents.

If version 7.0, 7.0.1, 7.0.2, 7.0.3, 7.0.5, 7.0.7 or an earlier version of Reader is installed and customers cannot update to Reader 8, Adobe recommends that customers download the full Adobe Reader 7.0.9 installer from the Reader download page.

Adobe Acrobat on Windows or Mac OS
For version 7.0–7.0.8, users should utilize the product's automatic update facility. The default installation configuration runs automatic updates on a regular schedule, and can be manually activated by choosing Help > Check For Updates Now. Alternatively, the update files can also be manually downloaded and installed from www.adobe.com/downloads.

If customers are using Adobe Acrobat 6.0–6.0.5 for Windows and are unable to upgrade to version 8 or 7.0.9 due to Operating System constraints for example, Adobe recommends upgrading to Windows version 6.0.6 either via a series of patches from: http://www.adobe.com/downloads or by using the auto-update mechanism within the product when prompted.

Adobe Reader on UNIX
For version 7.0, users should upgrade to Adobe Reader 7.0.9 from http://www.adobe.com/go/getreader.

For versions prior to 7.0, users should upgrade to 7.0.9 http://www.adobe.com/go/getreader.

Server-side workarounds for website operators
Adobe has provided workarounds for website operators to prevent the cross-site scripting vulnerability (CVE-2007-0045) from the server side. Please review Security Advisory APSA07-02 for more information.

Related:
Vulnerability In MS Office
25th Birthday Of Virus
Hackers Attacked Gorbachev's Website

Technorati Tags: vulnerability in adobe acrobat 7.08, cross-site scripting

Labels: , , ,


My Mom Hates Me Blogging!Will You Help Me Show Her That I Am Good At It...Please?


==========Your Comments==========

>>>>>>>Click Here To Leave Your Precious Comments.<<<<<<<



“This Article”

Recently Published Articles

"Google Me The Movie" - Trailor Available Online - Posted on Sunday, February 18, 2007

You, Your Wife, Your Baggage and Microsoft -- Shar... - Posted on Saturday, February 17, 2007

Yahoo digged, Microsoft On The Way - Posted on Saturday, February 17, 2007

Microsoft To Support "Open"ID - Posted on Tuesday, February 13, 2007

Vienna, The Vista Successor, Planned For Late 2009... - Posted on Monday, February 12, 2007

Vista will choke internet? - Posted on Monday, February 5, 2007

Vulnerability In MS Office Could Give Access To Yo... - Posted on Saturday, February 3, 2007

Spiderman 3, The Movie And The Game - Posted on Friday, February 2, 2007

Will Micro$oft Be Able To Change The Legacy? - Posted on Wednesday, January 31, 2007

SMS the Orkut Scrap - Posted on Tuesday, January 30, 2007

Moved

I am now blogging on my self hosted blog CompuWorld and started another blog of mine the Senorita

Money Makers


PPP Direct

Archives

Blogroll

Recent Comments