Adobe Closes Critical Acrobat And Reader Holes


Recommended Posts

13 May 2009, 10:17

Adobe closes critical Acrobat and Reader holes

"As promised last week, Adobe has released security updates that patch several security flaws in its Adobe Reader and Acrobat products. The updates fix a recently announced critical buffer overflow in the JavaScript function getAnnots() that could be used by an attacker to crash either application and potentially allow them to take control of the affected system. For an attack to be successful the user must first open a specially crafted malicious PDF document. Version 9.1.1, 8.1.5 and 7.1.2 of Adobe Reader and Acrobat fix the problem.

The UNIX version update closes a second hole in the JavaScript functionality where the customDictionaryOpen method can be manipulated to cause a denial of service or execute arbitrary code. Adobe Reader 9.1.1 for UNIX corrects the vulnerability.

All users that have not yet updated, are advised to do so. The updates are available to download for Windows, Mac and UNIX."

See also:

Security Updates available for Adobe Reader and Acrobat, Adobe Security Bulletin.

Buffer overflow issues in Adobe Reader and Acrobat, Adobe Security Bulletin.

Demo exploits for new vulnerabilities in Adobe Reader, a report from The H.

F-Secure advises against using Adobe Reader, a report from The H.

Heise security - http://www.h-online.com/security/Adobe-clo...s--/news/113272

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...