Adobe patches Adobe Reader and Acrobat

By Derek Sooman on June 16, 2005, 11:18 AM
Adobe has rolled out patches for Adobe Reader 7.0 and 7.0.1, and Adobe Acrobat 7.0 and 7.0.1 in response to security vulnerabilities found in these products. Specifically, there is a security flaw present which is known as the XML External Entity vulnerability. This vulnerability can allow XML scripts to be used to compromise system security. Adobe is recommending that all users upgrade to 7.02.

According to Adobe officials, the vulnerability is within the Adobe Reader control. If an XML script is embedded in JavaScript, it is possible to discover the existence of local files, according to a security advisory from the company. An attacker could then maliciously use the gathered information. But the statement pointed out that the local files can be found only if the attacker knows the complete file names and paths in advance of such an attack.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.