Adobe Issues Fix for Reader, Acrobat Flaw

 
 
By Ryan Naraine  |  Posted 2005-04-26 Print this article Print
 
 
 
 
 
 
 

Adobe quietly releases versions 7.0.1 of its freely distributed programs to patch a local file detection vulnerability.

Users of the ubiquitous Adobe Reader and Adobe Acrobat programs are at risk of a local file detection flaw, according to an alert from a private security research outfit.

Adobe Systems Inc. earlier this month sneaked out a fix for the vulnerability and recommended that users upgrade to versions 7.0.1 of the freely available programs.

Hyperdose Security, the company credited with finding and reporting the bug, said an attacker could target the "Safe for Scripting" method in the Adobe programs to direct unsuspecting users to a malicious Web site.

Once the user lands on the malicious site, the attacker can use the "LoadFile" method to send a local file name on the victims computer. Using this method, the attacker is able to determine file existence on their victims machine, said Robert Fly, a researcher at Hyperdose Security. Although the risk is considered low, Fly said the attack would be useful as a stepping stone to further attacks. "Knowing the existence of a local file an attacker can gain knowledge as to the software and likely versions of software the individual is using," he said.

Read the full story on PDFzone.com: Adobe Issues Fix for Reader, Acrobat Flaw
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel