June 24th, 2008
Adobe ships critical PDF Reader, Acrobat patch
Adobe has shipped a critical update to patch a code execution vulnerability affecting multiple versions of its Reader and Acrobat products.
According to Adobe’s advisory, the flaw “could potentially allow an attacker to take control of the affected system.”
If you have Adobe Reader or Acrobat installed on your machine, this update should be treated with the highest possible priority because the vulnerability is being exploited in the wild.
The patch is available for all platforms. The affected products are:
- Adobe Reader 8.0 through 8.1.2
- Adobe Reader 7.0.9 and earlier
- Adobe Acrobat Professional, 3D and Standard 8.0 through 8.1.2
- Adobe Acrobat Professional, 3D and Standard 7.0.9 and earlier
Adobe Reader 7.1.0 and Acrobat 7.1.0 are not vulnerable to this issue.
From a separate SecurityFocus bulletin:
Adobe Acrobat and Reader are prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.
* Image source: existentist’s Flickr photostream (Creative Commons 2.0)
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
| 06/24/08
