Adobe XSS Flaw: Vulnerability in Adobe Reader and Acrobat – Versions 7.0.8 and Earlier

The World’s Leading Information Source on Virtualization	Register \| Log in

.NET · AJAX · ECLIPSE · FLEX · OPEN WEB · iPHONE · JAVA · LINUX · OPEN SOURCE · ORACLE · PBDJ · SEARCH · SILVERLIGHT · SOA · VIDEO · VIRTUALIZATION · WEB 2.0 · WIRELESS · XML

YOUR FEEDBACK

Web 2.0, Enterprise Mashups and Social Computing are No Longer Software Business Models

andy.mulholland wrote: intriguing !!! We have full scale 'Mashup Factories' in Chicago USA and Utrec...

Oct. 11, 2008 03:06 AM

SOA World Conference
Virtualization Conference
$300 Savings Expire October 17, 2008... – Register Today!

Did you read today's front page stories & breaking news?

SYS-CON.TV: Cynergy Announcing RIA Development for Silverlight

SYS-CON.TV

SYS-CON.TV WEBCASTS

JACKBE The Big A(architecture in AJAX)

INSTANTIATIONS Eclipse Rich Internet Platform with Taylor and Milinkovich

YAHOO! Applying AJAX to Speed User's Journey

ENERJY WEBCAST Java Code Quality Management

APP SERVER SHOOT-OUT with Microsoft, IBM, JBoss, Sun, BEA, and Oracle

TODAY'S TOP SOA & WEBSERVICES LINKS

Adobe XSS Flaw: Vulnerability in Adobe Reader and Acrobat – Versions 7.0.8 and Earlier

Upgrading to Reader 8 and Acrobat 8 "addresses the issue immediately," says Adobe

By: Security News Desk

Jan. 6, 2007 12:30 PM

(SYS-CON Media) – Adobe confirmed this week that a cross-site scripting (XSS) vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat could allow remote attackers to inject arbitrary JavaScript into a browser session. Exploitability depends on the browser and browser version being used, but upgrading to Reader 8 and Acrobat 8 "addresses the issue immediately," says Adobe.

For users who cannot upgrade to Reader 8, says the company, the Secure Software Engineering team is working with the Adobe Reader Engineering team on a 7.0.9 update to versions 7.0.8 and earlier of Adobe Reader and Acrobat that will resolve this issue, which is expected to be available in the next week.

Adobe adds that a security bulletin will be published on http://www.adobe.com/support/security "as soon as that update is available." In the meantime, Acrobat and Reader customers who cannot upgrade can use their browser preferences to disable the Acrobat and Reader plugins from opening within the browser.

All documented security vulnerabilities and their solutions are distributed through the Adobe security notification service. SYS-CON readers can sign up for the service at the following URL: http://www.adobe.com/cfusion/entitlement/index.cfm?e=szalert.

Published Jan. 6, 2007— Reads 3,881 — Feedback 3
Copyright © 2008 SYS-CON Media. All Rights Reserved.

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

YOUR FEEDBACK

Adobe XSS Flaw: Vulnerability in Adobe Reader and Acrobat – Versions 7.0.8 and Earlier

queZZtion wrote: Is it true that Vista seems immune to this Acrobat flaw...or was someone simply using Acrobat 8 already and didn't realize that the alert is v 7.0.8 and earlier, not Acrobat 8.

read more & respond »

Adobe XSS Flaw: Vulnerability in Adobe Reader and Acrobat – Versions 7.0.8 and Earlier

factpoint wrote: It was Stefano Di Paola and Giorgio Fedon who originally discovered the unpatched vulnerability in Adobe Acrobat Reader.

read more & respond »

Adobe XSS Flaw: Vulnerability in Adobe Reader and Acrobat – Versions 7.0.8 and Earlier

Good News wrote: Although this issue could occur when a user clicks on a malicious link to a PDF file but the vulnerability does not allow execution of binary code.

read more & respond »

SUBSCRIBE TO THE WORLD'S MOST POWERFUL NEWSLETTERS

SUBSCRIBE TO OUR RSS FEEDS & GET YOUR SYS-CON NEWS LIVE!

Click to Add our RSS Feeds to the Service of Your Choice:

Google Reader or Homepage

Add to My Yahoo!

Subscribe with Bloglines

Subscribe in NewsGator Online

myFeedster

Add to My AOL

Subscribe in Rojo

Add 'Hugg' to Newsburst from CNET News.com

Kinja Digest

View Additional SYS-CON Feeds

Publish Your Article! Please send it to editorial(at)sys-con.com!
Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021

SYS-CON FEATURED WHITEPAPERS

MOST READ THIS WEEK

Application Virtualization: Instant Migration to Vista, Fast Delivery, Secure Access, Side-by-Side Deployments

By Virtualization News Desk

Mike Neil to Present "Virtualization Futures" in His Keynote

By Virtualization News Desk

SYS-CON's Virtualization Expo Was Larger Than Any Gartner Event in Two Years

By Virtualization News Desk

Are AJAX, Virtualization, Cloud Computing, and SOA Related?

By John Michelsen

If VMware Is "Virtualization 1.0" Is Microsoft the Avatar Of "Virtualization 2.0"?

By Maureen O'Gara

Cloud Computing vs. Elastic Cloud: What's the Difference?

By Cloud Computing News Desk

Virtualization Is Happening Today

By Richard Muirhead

VMware Nominated for SYS-CON's "Virtualization Journal Readers' Choice Awards"

By Virtualization News Desk

MokaFive Nominated for SYS-CON's "Virtualization Journal Readers' Choice Awards"

By Virtualization News Desk

HP Nominated for SYS-CON's "Virtualization Journal Readers' Choice Awards"

By Virtualization News Desk

Citrix Virtualization Seminar Targets VPN

By Virtualization News Desk

CA to Provide Virtualization Solutions to Wall Street

By Virtualization News Desk

ADVERTISE | MAGAZINE SUBSCRIPTIONS | FREE BREAKING-NEWSLETTERS! | SYS-CON.TV | BLOG-N-PLAY! | WEBCAST | EDUCATION | RESEARCH

.NET Developer's Journal - .NETDJ   |   ColdFusion Developer's Journal - CFDJ   |   Eclipse Developer's Journal - EDJ   |   Enterprise Open Source Magazine - EOS
Open Web Developer's Journal - OPEN WEB   |   iPhone Developer's Journal - iPHONE   |   Virtualization - Virtualization   |   Java Developer's Journal - JDJ   |   Linux.SYS-CON.com
PowerBuilder Developer's Journal - PBDJ   |   SEO / SEM Journal - SJ   |   SOAWorld Magazine - SOAWM   |   IT Solutions Guide - ITSG   |   Symbian Developer's Journal - SDJ
WebLogic Developer's Journal - WLDJ   |   WebSphere Journal - WJ   |   Wireless Business & Technology - WBT   |   XML-Journal - XMLJ   |   Internet Video - iTV
Flex Developer's Journal - Flex   |   AJAXWorld Magazine - AWM   |   Silverlight Developer's Journal - SLDJ   |   PHP.SYS-CON.com   |   Web 2.0 Journal - WEB2

SYS-CON MEDIA: ABOUT US | CONTACT US | COMPANY NEWS | CAREERS | SITE MAP

SYS-CON EVENTS: | AJAXWorld Conference & Expo | iPhone Developer Summit | OpenWeb Developer Summit | SOA World Conference & Expo | Virtualization Conference & Expo

INTERNATIONAL SITES: India | U.K. | Canada | Germany | France | Australia | Italy | Spain | Netherlands | Brazil | Belgium

Terms of Use & Our Privacy Statement

About Newsfeeds / Video Feeds

Copyright ©1994-2008 SYS-CON Publications, Inc. All Rights Reserved. All marks are trademarks of SYS-CON Media.

Reproduction in whole or in part in any form or medium without express written permission of SYS-CON Publications, Inc. is prohibited.

close this window