Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Development
    • IT Management

    Adobe Patches PDF Reader, ColdFusion Flaws

    By
    Matt Hines
    -
    January 10, 2007
    Share
    Facebook
    Twitter
    Linkedin

      Desktop publishing software vendor Adobe released a trio of security patches on Jan. 9, two of which are aimed at fixing a cross-site scripting issue lingering in earlier versions of its Reader and Acrobat products, with the third targeting a new vulnerability identified in its ColdFusion development platform.

      The San Jose, Calif.-based company issued two separate bulletins meant to address the XSS flaw present in its Reader and Acrobat applications, including a server-side workaround that promises to prevent exploitation of the problem in versions 7.0.8 and earlier of the two programs.

      Adobe has already patched the vulnerability in its latest iteration of the products, specifically Adobe Reader 8.

      The second of the XSS patches promises to directly close-off the same problem in Adobe Reader 7.0.8 and earlier versions, as well as Acrobat Standard, Professional and Elements 7.0.8 and earlier versions, and the companys Acrobat 3D software.

      Among the security researchers who first identified the XSS issue were workers on the U.S. governments computer emergency response team, or CERT, who said that the vulnerability in Adobes widely-used Acrobat plug-in could allow hackers to exploit any Web site that hosts a PDF file to launch code execution or denial-of-service attacks.

      According to the company, the software glitch occurs because the Acrobat plug-in fails to properly validate URI (Uniform Resource Identifier) parameters for scripting code, allowing user-supplied scripts to execute within the context of the Web site hosting a PDF (portable document format) file. According to an advisory issued by the U.S. CERT, an attack that takes advantage of the vulnerability could be launched via Microsofts Internet Explorer or Firefox browsers.

      XSS is a form of attack through which a hacker injects malicious code into a URL that appears to be maintained by a legitimate source, most commonly a business. When users click on a link to the infected URL, the malware code is executed on their computer, with most of the programs designed to steal valuable user information. Among the most popular targets used to deliver XSS attacks are major consumer e-commerce companies, such as online auctioneer eBay.

      /zimages/4/28571.gifClick here to read more about the XSS bug in the Acrobat plug-in.

      In its third security bulletin, Adobe shipped a patch for a potential vulnerability in ColdFusions URL parsing code that it said could allow an attacker to access directory listings in the softwares installation directory. Using a specially crafted command sent to the ColdFusion server, an attacker could gain access to the directory listings, Adobe reported.

      The specific Adobe products affected by the flaw are its ColdFusion MX 7, ColdFusion MX 7.0.1, and ColdFusion MX 7.0.2 programs. The company indicated that the ColdFusion issue is remotely exploitable but said that the problem is specific only to some Windows installations of the software.

      Much as vulnerabilities in Microsofts Windows and Office programs are magnified by the sheer volume of computers running the software, researchers said that the Adobe flaws must be considered serious as so many individuals and organizations use the companys various desktop publishing and development products.

      Researchers at McAfee said on the anti-virus companys Avert Labs blog that a recent rash of problems with Adobes PDF technology, numbering six in total, should cause concern among people using the software.

      “For many, the PDF has become the de-facto standard for exchanging documents,” McAfee researcher Karthik Raman wrote in a blog posted on Jan. 9. “In using PDFs, some wish to sidestep the risks of malware-prone Microsoft Office documents, but with the announcement of six new PDF-related vulnerabilities in several security forums last week, we should all now be more careful with PDFs.”

      eWEEK Senior Editor Ryan Naraine contributed to this report.

      Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.

      Avatar
      Matt Hines

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×