In association with heise online

12 July 2006, 20:17

Adobe closes holes in Acrobat

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

There are times when one has to be pretty creative to imagine the attack scenario for a known security hole. The latest hole in Adobe Acrobat is one such case. When specially prepared files are distilled into the PDF format, the vendor says that a buffer overflow occurs, allowing code to be written onto the stack and executed with the user's rights. But for this, attackers have to convince their victims to distill a specially prepared file first, which would normally either require a lot of persuasion or a current relationship of trust.

Acrobat version 6.0 to 6.0.4 for Windows and Mac are affected. This flaw has been remedied in version 6.0.5. The vendor has categorized the update as critical; it is currently being automatically distributed.

In addition, this release closes a hole in the Mac version that allowed users with limited rights to gain greater access rights. This problem was the result of improper setting of access rights for directories and files during installation. This flaw also affects the Mac version of Adobe Reader before version 6.0.5.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit