October 30th, 2008
Adobe nukes 'critical' Pagemaker flaws
Adobe has released a patch to fix a pair of critical vulnerabilities in its PageMaker 7 software, warning that a hacker could exploit these flaws to “take control of the affected system.”
A third vulnerability, confirmed by Adobe, remains unpatched, the company acknowledged in an advisory. The flaws affect PageMaker 7.0.1 and PageMaker 7.0.2.
From Adobe’s security bulletin:
- Critical vulnerabilities has been identified in Adobe PageMaker 7.0.1 and PageMaker 7.0.2 that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe has provided a solution for two of the reported vulnerabilities (CVE-2007-6432, CVE-2007-5394), and is currently investigating potential solutions for a third vulnerability (CVE-2007-6021). It is recommended that users update their installations using the instructions provided above, and avoid opening PageMaker files from untrusted or unknown sources. These issues are not remotely exploitable.
Adobe categorizes this as a critical issue and recommends affected users patch their installations, and avoid opening PageMaker files from untrusted or unknown sources.
Secunia Research, one of the companies credited in Adobe’s bulletin, has released a separate advisory with technical details of the two patched vulnerabilities.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
