Adobe Plugs Code Execution Holes

Users of the ubiquitous Adobe Acrobat and Adobe Reader software are at risk of code execution attacks.

A buffer overflow vulnerability in the widely used Adobe Acrobat and Adobe Reader programs could put millions of computer users at risk of code execution attacks.

According to an advisory from Adobe Systems Inc., a malicious hacker could exploit the flaw to crash the application or launch executable code on a vulnerable system.

"The identified vulnerability is a buffer overflow within a core application plug-in, which is part of Adobe Acrobat and Adobe Reader. If a malicious file were opened it could trigger a buffer overflow as the file is being loaded into Adobe Acrobat and Adobe Reader," the company warned.

Because Adobe Reader is installed on most Windows computers to handle PDF (portable document format) files, security experts are flagging the flaw as "highly critical."

Alerts aggregator Secunia Inc. is strongly recommending that users apply the vendor supplied patches at the earliest opportunity.

Affected versions include Adobe Reader (Windows, Mac OS, Linux and Solaris) and Adobe Acrobat (Windows and Mac OS).

Adobe Reader is the de facto standard used to displays and print PDF files. Formerly known as Acrobat Reader, it is available for free for Windows, Mac, OS/2 and various versions of Unix.

Acrobat is a document exchange software that allows documents to be displayed and printed the same on every computer. The Acrobat system created the PDF standard, which is widely used in commercial printing and on the Web.

/zimages/5/28571.gifRead the full story on PDFzone: Adobe Plugs Code Execution Holes