More document software security worries.
PDF software giant
Adobe
has released details of its second vulnerability in little over a week. The first, which was discovered in the company’s PDF reader itself, was soon discovered to be less serious than initially believed; the second, a buffer overflow problem in the
Adobe Download Manager
, is described as ‘highly critical’ by security watchers at
Secunia
.
The earlier problem, affecting
Adobe Acrobat 7
and
Adobe Reader 7
, was first thought to render the system vulnerable to remote access, but on further investigation by
Adobe
it was discovered that the most serious danger was of a crash in the product (see the
Secunia
alert
here
).
The latest problem, first spotted by researchers at
eEye Digital Security
and
TippingPoint
‘s
Zero Day Initiative
, was reported to
Adobe
almost a month ago, and is now being disclosed in the wake of a fix release. The vulnerability could be used by malicious sites to gain remote system access, and all
Adobe
users are advised to ensure they update to the latest version. Full instructions are available from
Adobe
,
here
.
The
eEye
announcement is
here
, and one from the
Zero Day Initiative
here
.
Posted on 08 December 2006 by
Virus Bulletin
Leave a Reply