In association with heise online

13 March 2008, 12:34

Adobe goes on patching spree

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

In addition to an update for the Adobe Reader for Unix, Adobe has also published patches for holes in Form Designer, Form Client, ColdFusion, and LiveCycle Workflow.

In Form Designer and Form Client, the update remedies critical flaws that allowed attackers to inject malicious code by means of manipulated websites. The libraries FileDlg.dll and SvrCopy.dll provide ActiveX components in which buffer overflows can occur. US-CERT recommends setting the kill bit for the ClassIDs {00A2A192-4929-11D1-BA6C-080009D7FAD2} and {D10E546F-3AF9-11D1-BA6C-080009D7FAD2} if you do not want to switch off ActiveX in Internet Explorer entirely. Adobe has also published a patch that users of Form Designer 5.0 or Form Client 5.0 can install.

Other updates remedy cross-site scripting holes in ColdFusion MX 7, ColdFusion 8 and LiveCycle Workflow 6.2. Another update for ColdFusion fixes a flaw that prevented the software from logging failed login attempts, thereby making it easier for attackers to attempt to break in. Users of the applications affected should download and install these updates as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit