Users of the ubiquitous Adobe Acrobat and Adobe Reader software are at risk of code execution attacks.A buffer overflow vulnerability in the widely used Adobe Acrobat and Adobe Reader programs could put millions of computer users at risk of code execution attacks.
According to an advisory from Adobe Systems Inc., a malicious hacker could exploit the flaw to crash the application or launch executable code on a vulnerable system.
"The identified vulnerability is a buffer overflow within a core application plug-in, which is part of Adobe Acrobat and Adobe Reader. If a malicious file were opened it could trigger a buffer overflow as the file is being loaded into Adobe Acrobat and Adobe Reader," the company warned.
Because Adobe Reader is installed on most Windows computers to handle PDF (portable document format) files, security exporters are flagging the flaw as "highly critical."
Alerts aggregator Secunia Inc. is strongly recommending that users apply the vendor supplied patches at the earliest opportunity.
Read more here about patches for a file detection flaw in Reader and Acrobat.
Affected versions include Adobe Reader (Windows, Mac OS, Linux and Solaris) and Adobe Acrobat (Windows and Mac OS).
Adobe Reader is the de facto standard used to displays and print PDF files. Formerly known as Acrobat Reader, it is available for free for Windows, Mac, OS/2 and various versions of Unix.
Acrobat is a document exchange software that allows documents to be displayed and printed the same on every computer. The Acrobat system created the PDF standard, which is widely used in commercial printing and on the Web.
In its advisory, Adobe urged Windows and Mac OS users to upgrade to version 7.0.3 via the Adobe Reader's automatic update utility. The program's default installation configuration runs automatic updates on a regular schedule, and can be manually activated by choosing Help > Check For Updates Now.
The patch can also be manually downloaded and installed from the company's support Web site.
