Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Adobe Acrobat Vulnerability

Notifications for Security Updates, as well as News and Information from across the web - mostly security minded.

Update Contributors: Members of the Malware Removal University.

Adobe Acrobat Vulnerability

Unread postby Nellie2 » July 14th, 2005, 5:15 pm

Overview: A vulnerability within Adobe Reader and Adobe Acrobat has been identified. Under certain circumstances using XML scripts, it is possible to discover the existence of local files.

Adobe has solutions available that can rectify these issues. Please refer to the "Recommendations" section for further information.

Effect: If exploited, it may be possible to discover the existence of local files on an end-user system.

Details: The vulnerability is within the Adobe Reader control. If an XML script is embedded in JavaScript, it is possible to discover the existence of local files. An attacker could then use the information gathered for malicious purposes.

However, the impact is minimized due to the fact that the existence of local files can only be discovered if the complete filenames and paths are known in advance by the attacker.

Recommendations:

Perform one of the following tasks:

-- If you use Adobe Reader 7.x on Windows or Mac OS, download the update to Adobe Reader 7.0.2 from the Adobe website at http://www.adobe.com/support/downloads/ .

-- If you use Adobe Acrobat 7.x on Windows or Mac OS, download the update to Adobe Acrobat 7.0.2 from the Adobe website at http://www.adobe.com/support/downloads/ .


More here
User avatar
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK
Advertisement
Register to Remove

Unread postby 'KotaGuy » July 14th, 2005, 5:23 pm

Bump
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby seamaiden » September 9th, 2005, 4:45 pm

According to Adobe, this XML External Entity vulnerability applies to Adobe Reader and Acrobat 7.0-7.0.1. Version 7.0.2 does not have it.

Are users of previous versions (5.x/6.x) safe?

I am using Acrobat 6.0.3 and cannot afford to upgrade to Acrobat 7, and I cannot install the free Adobe Reader 7, because that will cause integration problems with my full version 6.
User avatar
seamaiden
Active Member
 
Posts: 5
Joined: September 9th, 2005, 2:59 pm
Location: Fresno, California, USA

Unread postby Nellie2 » September 9th, 2005, 4:52 pm

As far as I can tell.. this vulnerability seems only to apply to Adobe 7.0-7.0.1. I'm sure that if there had been problems with earlier versions then the articles would have pointed this out.

So unless anyone wants to tell us any different then I would say don't worry about it.
User avatar
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to News Desk



Who is online

Users browsing this forum: No registered users and 1 guest

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware