Free Malware Removal Forum

[Nellie2]

Overview: A vulnerability within Adobe Reader and Adobe Acrobat has been identified. Under certain circumstances using XML scripts, it is possible to discover the existence of local files.

Adobe has solutions available that can rectify these issues. Please refer to the "Recommendations" section for further information.

Effect: If exploited, it may be possible to discover the existence of local files on an end-user system.

Details: The vulnerability is within the Adobe Reader control. If an XML script is embedded in JavaScript, it is possible to discover the existence of local files. An attacker could then use the information gathered for malicious purposes.

However, the impact is minimized due to the fact that the existence of local files can only be discovered if the complete filenames and paths are known in advance by the attacker.

Recommendations:

Perform one of the following tasks:

-- If you use Adobe Reader 7.x on Windows or Mac OS, download the update to Adobe Reader 7.0.2 from the Adobe website at http://www.adobe.com/support/downloads/ .

-- If you use Adobe Acrobat 7.x on Windows or Mac OS, download the update to Adobe Acrobat 7.0.2 from the Adobe website at http://www.adobe.com/support/downloads/ .

More here

['KotaGuy]

Bump

[seamaiden]

According to Adobe, this XML External Entity vulnerability applies to Adobe Reader and Acrobat 7.0-7.0.1. Version 7.0.2 does not have it.

Are users of previous versions (5.x/6.x) safe?

I am using Acrobat 6.0.3 and cannot afford to upgrade to Acrobat 7, and I cannot install the free Adobe Reader 7, because that will cause integration problems with my full version 6.

[Nellie2]

As far as I can tell.. this vulnerability seems only to apply to Adobe 7.0-7.0.1. I'm sure that if there had been problems with earlier versions then the articles would have pointed this out.

So unless anyone wants to tell us any different then I would say don't worry about it.