[CS-FSLUG] Adobe Reader / Adobe Acrobat Multiple Vulnerabilities
Fred A. Miller
fmiller at lightlink.com
Fri Dec 17 13:45:47 CST 2004
Adobe Reader / Adobe Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA13471
VERIFY ADVISORY:
http://secunia.com/advisories/13471/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, System access
WHERE:
From remote
SOFTWARE:
Adobe Reader 6.x
http://secunia.com/product/1810/
Adobe Acrobat 6.x
http://secunia.com/product/1809/
DESCRIPTION:
Some vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to disclose
sensitive information or compromise a user's system.
1) A format string error within the eBook plug-in when parsing ".etd"
files can be exploited to execute arbitrary code via a specially
crafted eBook containing format specifiers in the "title" and
"baseurl" fields.
2) Multiple vulnerabilities in libpng have been acknowledged, which
can be exploited by malicious people to compromise a vulnerable
system.
For more information:
SA12219
3) An error within the handling of Flash files embedded in PDF
documents can be exploited to read the content of files on a user's
system.
For more information:
SA12809
The vulnerabilities have been reported in versions 6.0.0 through
6.0.2.
SOLUTION:
Update to version 6.0.3.
PROVIDED AND/OR DISCOVERED BY:
Greg MacManus, iDEFENSE Labs.
ORIGINAL ADVISORY:
Adobe:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679
iDEFENSE:
http://www.idefense.com/application/poi/display?id=163&type=vulnerabilities
OTHER REFERENCES:
SA12219:
http://secunia.com/advisories/12219/
SA12809:
http://secunia.com/advisories/12809/
--
"As Internet technology itself vaults into new areas, so too does the
Microsoft monopoly and its tried-and-true bag of tricks."
-US Senator Orrin Hatch, (R) Utah
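
For the format string error in item 1 of the advisory above, an added example (not code from Secunia, Adobe or iDEFENSE): a triage check that counts printf-style conversion specifications in a text field, next to the hardened formatting pattern. The function names and sample values are constructed, and extracting the "title" and "baseurl" values from an ".etd" file is assumed to happen elsewhere.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style conversion specifications in s. "%%" is a literal
 * percent sign and is not counted. Percent-encoded URLs can also match
 * (for example "%2F"), so a non-zero result is a flag for review. */
static int count_format_specifiers(const char *s)
{
    int count = 0;
    while ((s = strchr(s, '%')) != NULL) {
        s++;                                   /* step past '%' */
        if (*s == '%') { s++; continue; }      /* escaped percent */
        s += strspn(s, "-+ #0123456789$*");    /* flags, width, position */
        if (*s == '.') {                       /* precision */
            s++;
            s += strspn(s, "0123456789*");
        }
        s += strspn(s, "hlqjzLt");             /* length modifier */
        if (*s != '\0' && strchr("diouxXeEfFgGaAcspn", *s)) {
            count++;
            s++;
        }
    }
    return count;
}

/* Hardened pattern: the untrusted field is only ever an argument to a
 * constant format string. The bug class in the advisory arises when the
 * field itself is passed as the format, as in snprintf(out, n, field). */
static int render_field(char *out, size_t n, const char *label,
                        const char *field)
{
    return snprintf(out, n, "%s: %s", label, field);
}

int main(void)
{
    /* Constructed sample values, not taken from any real eBook file. */
    const char *title = "Book %s%s %08x";
    const char *baseurl = "http://example.invalid/a%20b";
    char line[128];

    render_field(line, sizeof line, "title", title);
    printf("%s (specifiers: %d)\n", line, count_format_specifiers(title));
    render_field(line, sizeof line, "baseurl", baseurl);
    printf("%s (specifiers: %d)\n", line, count_format_specifiers(baseurl));
    return 0;
}
```

The count is only a screening aid for files already received; the remedy stated in the advisory is the update to version 6.0.3.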