TITLE: Adobe Reader / Adobe Acrobat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA13471
VERIFY ADVISORY: http://secunia.com/advisories/13471/ CRITICAL: Highly critical IMPACT: Exposure of sensitive information, System access WHERE: >From remote SOFTWARE: Adobe Reader 6.x http://secunia.com/product/1810/ Adobe Acrobat 6.x http://secunia.com/product/1809/ DESCRIPTION: Some vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to disclose sensitive information or compromise a user's system. 1) A format string error within the eBook plug-in when parsing ".etd" files can be exploited to execute arbitrary code via a specially crafted eBook containing format specifiers in the "title" and "baseurl" fields. 2) Multiple vulnerabilities in libpng have been acknowledged, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA12219 3) An error within the handling of Flash files embedded in PDF documents can be exploited to read the content of files on a user's system. For more information: SA12809 The vulnerabilities have been reported in versions 6.0.0 through 6.0.2. SOLUTION: Update to version 6.0.3. PROVIDED AND/OR DISCOVERED BY: Greg MacManus, iDEFENSE Labs. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679 iDEFENSE: http://www.idefense.com/application/poi/display?id=163&type=vulnerabilities OTHER REFERENCES: SA12219: http://secunia.com/advisories/12219/ SA12809: http://secunia.com/advisories/12809/ ---------------------------------------------------------------------- ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
