Adobe Issues Fix for Reader, Acrobat Flaw

Adobe quietly releases versions 7.0.1 of its freely distributed programs to patch a local file detection vulnerability.

Users of the ubiquitous Adobe Reader and Adobe Acrobat programs are at risk of a local file detection flaw, according to an alert from a private security research outfit.

Adobe Systems Inc. earlier this month sneaked out a fix for the vulnerability and recommended that users upgrade to versions 7.0.1 of the freely available programs.

Hyperdose Security, the company credited with finding and reporting the bug, said an attacker could target the "Safe for Scripting" method in the Adobe programs to direct unsuspecting users to a malicious Web site.

Once the user lands on the malicious site, the attacker can use the "LoadFile" method to send a local file name on the victims computer. Using this method, the attacker is able to determine file existence on their victims machine, said Robert Fly, a researcher at Hyperdose Security.

Although the risk is considered low, Fly said the attack would be useful as a stepping stone to further attacks. "Knowing the existence of a local file an attacker can gain knowledge as to the software and likely versions of software the individual is using," he said.

/zimages/5/28571.gifRead the full story on Adobe Issues Fix for Reader, Acrobat Flaw