by Playfuls Staff
11th January 2007
Adobe has released an update that fixes critical flaws in
its popular .pdf viewer. According to the company’s website, the Security
Bulletin issued by Adobe addresses several vulnerabilities, including issues
that have already been disclosed. Adobe recommends that users update to the
most current version of Adobe Reader or Acrobat available.
Also, an update is available for a cross-site scripting
(XSS) vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat
that could allow remote attackers to inject arbitrary JavaScript into a browser
session.
This vulnerability, previously reported in APSA07-01 on
January 4, 2007, has been assigned an important severity rating. This issue is
specific to Windows and Linux operating systems. Exploitability depends on the
browser and browser version being used. This vulnerability does not allow
execution of binary code. This issue is remotely exploitable.
Adobe has provided workarounds for website operators to
prevent the cross-site scripting vulnerability from the server side.
Additional vulnerabilities have been identified in versions
7.0.8 and earlier of Adobe Reader and Acrobat that could allow an attacker who
successfully exploits these vulnerabilities to take control of the affected
system.
These vulnerabilities have been assigned a critical severity rating. A
malicious file must be loaded in Adobe Reader by the end user for an attacker
to exploit these vulnerabilities. These issues are remotely exploitable.