In association with heise online

10 January 2007, 13:07

Adobe Reader 7.0.9 closes security holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Until recently, Adobe was telling users to switch to version 8 of its Reader instead of closing the security holes in the version 7 that are no longer contained in version 8. However, a number of users were not able to switch to this later version for reasons of compatibility, among others, forcing Adobe to release version 7.0.9 as a download.

In addition to the security holes in the browser plug-ins already made public, that allow attackers to use manipulated e-mails or websites to conduct cross-site scripting or denial-of-service attacks, among other things, version 7.0.9 also closes a previously unknown hole that Piotr Bania has now made public. This recently discovered vulnerability allows attackers to use prepared PDF documents to inject and execute malicious code in the Windows and Linux versions of Reader 7.0.8 and earlier versions.

Bania has refrained from providing a demonstration exploit because he believes the hole is too severe. Users of Adobe Reader or Adobe Acrobat who have not yet been able to upgrade to version 8 should at least switch to version 7.0.9 as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit