Adobe closes holes in Acrobat
There are times when one has to be pretty creative to imagine the attack scenario for a known security hole. The latest hole in Adobe Acrobat is one such case. When specially prepared files are distilled into the PDF format, the vendor says that a buffer overflow occurs, allowing code to be written onto the stack and executed with the user's rights. But for this, attackers have to convince their victims to distill a specially prepared file first, which would normally either require a lot of persuasion or a current relationship of trust.
Acrobat version 6.0 to 6.0.4 for Windows and Mac are affected. This flaw has been remedied in version 6.0.5. The vendor has categorized the update as critical; it is currently being automatically distributed.
In addition, this release closes a hole in the Mac version that allowed users with limited rights to gain greater access rights. This problem was the result of improper setting of access rights for directories and files during installation. This flaw also affects the Mac version of Adobe Reader before version 6.0.5.
- File Permissions Vulnerability in Adobe Reader and Adobe Acrobat (Mac OS), security bulletin at Adobe
- Buffer Overflow Vulnerability in Adobe Acrobat, security bulletin at Adobe
(ehe)