Highly critical vulnerabilities discovered in Adobe Reader and Acrobat

Home

Utilities

Highly critical vulnerabilities discovered in Adobe Reader and Acrobat
By K.E. Weinberger
2004-12-21

Article Rating:

/ 0

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

6.0.3 updates issued, Mac update for Acrobat yanked and replaced with 6.0.3a.

iDEFENSE, the security intelligence company, has identified vulnerabilities in both Adobe Reader and Adobe Acrobat Professional and Standard, versions 6.0.0 to 6.0.2. Security information firm Secunia has rated the following issues "highly critical," their second-highest rating for security threats:

1. Malicious code can access your computer when a malicious media file embedded in a PDF file is played by either a Macromedia Flash Player on Windows or a QuickTime Player on Windows or Mac.

2. Systems can be compromised if vulnerabilities in the PNG library (libpng version 1.2.5) are exploited with malformed PNG images

3. A format string error within the eBook plug-in when parsing ".etd" files can be exploited to plant malicious code via a specially crafted eBook containing format specifiers in the "title" and "baseurl" fields.

While there have been no reports of malicious exploits of these vulnerabilities, Adobe Systems is recommending that all users of Reader and Acrobat versions 6.0.0 to 6.0.2 apply the available updates as a proactive measure.

Adobe issued Acrobat and Reader versions 6.0.3 for the Windows and Macintosh OS platforms and then temporarily pulled the Acrobat update for Mac after discovery of a problem in generating PDF files with Microsoft Office 2004 for Mac. Adobe has since issued 6.0.3a updates for both its Acrobat and Reader software for the Mac OS platform. If you have already installed the initial Acrobat 6.0.3 update, you do not need to install 6.0.3a, but another update will be posted as soon as it is available to address the problem with generating PDF files. Look for that update at http://www.adobe.com/support/downloads/new.jsp.

Updates are available at these links:

Adobe Reader 6.0.3 update/Windows:

http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679

Adobe Reader 6.0.3a update/Macintosh:

http://www.adobe.com/support/downloads/detail.jsp?ftpID=2680

Adobe Acrobat 6.0.3 Professional and Standard Update/Windows:

http://www.adobe.com/support/downloads/detail.jsp?ftpID=2677

Adobe Acrobat 6.0.3a Professional and Standard update/Macintosh:

http://www.adobe.com/support/downloads/detail.jsp?ftpID=2676

Adobe has also released Acrobat Reader for Unix 5.0.10 because the email function (mailListIsPdf) in version 5.0.9 is vulnerable to malicious content in PDF files received as either email attachments or links in email messages

	Discuss Highly critical vulnerabilities discovered in Adobe Reader and Acrobat

	>>> Be the FIRST to comment on this article!



	>>> More Utilities Articles >>> More By K.E. Weinberger

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

FREE ZIFF DAVIS ENTERPRISE ESEMINARS AT ESEMINARSLIVE.COM

Dec 5, 2 p.m. ET
Case Studies in MSP Profitability: 10 Processes to Automate to Achieve 2008 Goals with Michael Krieger. Sponsored by Autotask

Dec 6, 12:30 p.m. ET
The State of the Great Windows Vista Migration with Aaron Goldberg. Sponsored by Dell & Microsoft

Dec 6, 2 p.m. ET
Three Best Practices for Securing Microsoft Exchange with Michael Krieger. Sponsored by Entrust

Dec 6, 3 p.m. ET
Simplify Your World, part 2: A Virtual Desktops Case Study with Joel Shore. Sponsored by EqualLogic

Join us on Dec. 19 for Discovering Value in Stored Data & Reducing Business Risk. Join this interactive day-long event to learn how your enterprise can cost-effectively manage stored data while keeping it secure, compliant and accessible. Disorganized storage can prevent your enterprise from extracting the maximum value from information assets. Learn how to organize enterprise data so vital information assets can help your business thrive. Explore policies, strategies and tactics from creation through deletion. Attend live or on-demand with complimentary registration!

Register Today!

FEATURED CONTENT

Debate: What ERP Would Obama or Romney Choose?
What if we chose our ERP systems the same way we choose a president?
Join the great ERP debate at IT Link.
Let us know what selection process you’d vote for!

Free Trial - Windows Server 2008 Release Candidate.
Microsoft claims Visual Studio 2008, code-named Orcas, contains more than 250 new features and delivers significant enhancements in every edition.
Click Here to Continue >>

Sponsored by Ziff Davis Enterprise Group

DOWNLOADABLE ROI CALCULATORS & TOOLS FROM BASELINE

Calculate Cost and ROI of Spam, VOIP, RFID, Sarbanes-Oxley and more...

Featured Calculators:

See More Tools!
By Category| Planners |Calculators | Quizzes

Special Report

The Perfect PDF
PDFzone shows you how to shine and polish your PDF by adding the reader-friendly touches your audience desires.

Special Report

Microsoft's PDF Play
Microsoft planned to offer a "Save to PDF" function in Office 2007, but the threat of legal action from Adobe may have them reconsidering.

Special Report

PDF Conversion Central
Convert anything and everything to PDf and back again. Word docs, RSS, AutoCAD and more.

BUYER'S GUIDES

• Content management

• Document management

• PDF creation

• PDF conversion

• PDF Developer Tools

• Digital Rights Management

• Enterprise Content Mgmt

• Index & Search

View all >

	PDFZone: Contact Us \| Advertise \| Site Map

	Ziff Davis Enterprise Home \| Contact Us \| Advertise \| Link to Us \| Reprints \| Magazine Subscriptions \| Newsletters Tech RSS Feeds \| White Papers \| ROI Calculators \| Tech Podcasts \| Tech Video \| VARs \| System Builder
	Baseline \| Careers \| Channel Insider \| CIO Insight \| DesktopLinux \| DeviceForge \| DevSource \| eSeminars \| eWEEK \| Enterprise Network Security \| LinuxDevices \| Linux Watch \| Microsoft Watch \| Mid-market \| Networking \| PDF Zone \| Publish \| Security IT Hub \| Strategic Partner \| Web Buyer's Guide \| Windows for Devices
	Developer Shed \| Dev Shed \| ASP Free \| Dev Articles \| Dev Hardware \| SEO Chat \| Tutorialized \| Scripts \| Code Walkers \| Web Hosters \| Dev Mechanic \| Dev Archives \| igrep Use of this site is governed by our Terms of Use and Privacy Policy
	Copyright ©1996-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. PDFzone is a trademark of Ziff Davis Enterprise, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise, Inc. is prohibited.