Adobe hit by second vulnerability
More document software security worries.
PDF software giant Adobe has released details of its second vulnerability in little over a week. The first,
which was found in the company's PDF reader itself, soon turned out to be less serious than initially
believed; the second, a buffer overflow problem in the Adobe Download Manager, is described as 'highly critical'
by security watchers at Secunia.
The earlier problem, affecting Adobe Acrobat 7 and Adobe Reader 7, was first thought to render the
system vulnerable to remote access, but on further investigation by Adobe it was discovered that the most
serious danger was of a crash in the product (see the Secunia alert
here).
The latest problem, first spotted by researchers at eEye Digital Security and TippingPoint's Zero Day
Initiative, was reported to Adobe almost a month ago, and is now being disclosed following the release of
a fix. The vulnerability could be used by malicious sites to gain remote system access, and all Adobe users
are advised to ensure they update to the latest version. Full instructions are available from Adobe,
here.
The eEye announcement is here,
and one from the Zero Day Initiative
here.
08 December 2006