Adobe hit by second vulnerability

More document software security worries.

PDF software giant Adobe has released details of its second vulnerability in little over a week. The first, which was discovered in the company's PDF reader itself, was soon discovered to be less serious than initially believed; the second, a buffer overflow problem in the Adobe Download Manager, is described as 'highly critical' by security watchers at Secunia.

The earlier problem, affecting Adobe Acrobat 7 and Adobe Reader 7, was first thought to render the system vulnerable to remote access, but on further investigation by Adobe it was discovered that the most serious danger was of a crash in the product (see the Secunia alert here).

The latest problem, first spotted by researchers at eEye Digital Security and TippingPoint's Zero Day Initiative, was reported to Adobe almost a month ago, and is now being disclosed in the wake of a fix release. The vulnerability could be used by malicious sites to gain remote system access, and all Adobe users are advised to ensure they update to the latest version. Full instructions are available from Adobe, here.

The eEye announcement is here, and one from the Zero Day Initiative here.

08 December 2006

Tags: virus del.icio.us digg this