October 30th, 2008

Adobe nukes 'critical' Pagemaker flaws

Posted by Ryan Naraine @ 10:52 am

Categories: Adobe, Arbitrary Code Execution, Botnets, Data theft, Exploit code, Malware, Passwords, Patch Watch, Pen testing, Responsible disclosure, Vulnerability research

Tags: Adobe Systems Inc., PageMaker, Flaw, Vulnerability, Security, Ryan Naraine

Adobe has released a patch to fix a pair of critical vulnerabilities in its PageMaker 7 software, warning that a hacker could exploit these flaws to “take control of the affected system.”

A third vulnerability, confirmed by Adobe, remains unpatched, the company acknowledged in an advisory.  The flaws affect PageMaker 7.0.1 and PageMaker 7.0.2.

From Adobe’s security bulletin:

• Critical vulnerabilities has been identified in Adobe PageMaker 7.0.1 and PageMaker 7.0.2 that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe has provided a solution for two of the reported vulnerabilities (CVE-2007-6432, CVE-2007-5394), and is currently investigating potential solutions for a third vulnerability (CVE-2007-6021). It is recommended that users update their installations using the instructions provided above, and avoid opening PageMaker files from untrusted or unknown sources. These issues are not remotely exploitable.

Adobe categorizes this as a critical issue and recommends affected users patch their installations, and avoid opening PageMaker files from untrusted or unknown sources.

Secunia Research, one of the companies credited in Adobe’s bulletin, has released a separate advisory with technical details of the two patched vulnerabilities.