Software maker Adobe Systems Inc. on Wednesday acknowledged that an information disclosure vulnerability in two of its products could be exploited by malicious hackers to hijack sensitive system information.
The flaws were flagged, and fixed, in Adobe Reader and Adobe Acrobat, two programs widely used to view and print PDF files.
Affected versions include Adobe Reader 7.0 and 7.0.1, and Adobe Acrobat 7.0 and 7.0.1 on Windows and Macintosh platforms.
In a published advisory, Adobe said the flaw was found within the Adobe Reader control.
“If an XML script is embedded in JavaScript, it is possible to discover the existence of local files. An attacker could then use the information gathered for malicious purposes,” the company warned.
However, Adobe said the threat is minimized because the existence of local files can only be discovered if the attacker knows the complete filenames and paths in advance.