Spyware, Viruses, & Security forum

General discussion

Vulnerabilities December 15, 2004

TITLE:
Adobe Reader / Adobe Acrobat Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA13471

VERIFY ADVISORY:
http://secunia.com/advisories/13471/

CRITICAL:
Highly critical

IMPACT:
Exposure of sensitive information, System access

WHERE:
From remote

SOFTWARE:
Adobe Reader 6.x
http://secunia.com/product/1810/
Adobe Acrobat 6.x
http://secunia.com/product/1809/

DESCRIPTION:
Some vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to disclose
sensitive information or compromise a user's system.

1) A format string error within the eBook plug-in when parsing ".etd"
files can be exploited to execute arbitrary code via a specially
crafted eBook containing format specifiers in the "title" and
"baseurl" fields.

2) Multiple vulnerabilities in libpng have been acknowledged, which
can be exploited by malicious people to compromise a vulnerable
system.

For more information:
SA12219

3) An error within the handling of Flash files embedded in PDF
documents can be exploited to read the content of files on a user's
system.

For more information:
SA12809

The vulnerabilities have been reported in versions 6.0.0 through
6.0.2.

SOLUTION:
Update to version 6.0.3.

PROVIDED AND/OR DISCOVERED BY:
Greg MacManus, iDEFENSE Labs.

ORIGINAL ADVISORY:
Adobe:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679

iDEFENSE:
http://www.idefense.com/application/poi/display?id=163&type=vulnerabilities

OTHER REFERENCES:
SA12219:
http://secunia.com/advisories/12219/

SA12809:
http://secunia.com/advisories/12809/

Great Guidance

In reply to: Vulnerabilities December 15, 2004

Roddy.... thx. so much for keeping us informed. I purposely went and opened my "Adobe" and clicked on the "update" feature, but surprisingly it did not list this "update". I used the "link" that you included. Keep up the good work.

You're welcome Ken and

In reply to: Great Guidance

the update feature in mine also told me nothing, but I noticed on the website that those that only had version 6.0.0 or 6.0.1 could update to 6.0.2 through the update function on the program but had to go to the website to upgrade to 6.0.3, although there was not an explanation as to why. I had trouble with the update link at first and had to refresh, but I'm assuming it is because they are busy. The download is 1.8MB and the wizard will install it over the old version.

[SA13447] Opera Default Application "kfmclient exec" Securit

In reply to: Vulnerabilities December 15, 2004

CRITICAL:
Less critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Opera 7.x
http://secunia.com/product/761/

DESCRIPTION:
Giovanni Delvecchio has discovered a security issue in Opera, which
can be exploited by malicious people to compromise a user's system.

The problem is that a file with an unknown MIME type by default is
handled by "kfmclient exec". This can be exploited to execute shell
commands by tricking a user into opening a malicious
shortcut/launcher containing an "Exec" entry.

Successful exploitation requires some user interaction.

The issue has been confirmed on Opera 7.54u1 for Linux. Other
versions may also be affected.

Note: Opera for Windows is not affected.

SOLUTION:
Do not open files from untrusted sources via the "kfmclient exec"
handler.

PROVIDED AND/OR DISCOVERED BY:
Giovanni Delvecchio

http://secunia.com/advisories/13447/
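
The Opera advisory turns on a downloaded shortcut/launcher containing an "Exec" entry being handed to a handler that runs it. The following C sketch is an added example, not part of the original post or of Opera or KDE code: it screens a file's content for that pattern before it is passed on. It assumes the usual desktop-entry layout (a "[Desktop Entry]" group with key=value lines); the function names and samples are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if the buffer is a desktop launcher whose "Desktop Entry"
   group carries an Exec key, 0 otherwise. */
int launcher_has_exec(const char *data)
{
    int in_entry = 0;
    const char *line = data;
    while (*line) {
        size_t len = strcspn(line, "\n");
        const char *p = line + strspn(line, " \t");
        if (*p == '[') {
            /* A new group starts; only the main entry group is of
               interest ("[KDE Desktop Entry]" is the legacy header). */
            in_entry = strncmp(p, "[Desktop Entry]", 15) == 0 ||
                       strncmp(p, "[KDE Desktop Entry]", 19) == 0;
        } else if (in_entry && strncmp(p, "Exec", 4) == 0) {
            const char *q = p + 4;
            q += strspn(q, " \t");
            if (*q == '=')
                return 1;            /* launcher that runs a command */
        }
        line += len;
        if (*line == '\n')
            line++;
    }
    return 0;
}

/* Policy for an "open with default application" step: never pass a
   launcher to a handler that would execute it. */
const char *open_decision(const char *data)
{
    return launcher_has_exec(data) ? "block" : "allow";
}

int main(void)
{
    /* Constructed samples: a launcher with a harmless Exec line, and a
       link-type entry without one. */
    const char *launcher = "[Desktop Entry]\nType=Application\n"
                           "Name=Report\nExec=/bin/echo constructed\n";
    const char *link = "[Desktop Entry]\nType=Link\n"
                       "URL=http://example.invalid/\n";
    printf("launcher: %s\nlink: %s\n",
           open_decision(launcher), open_decision(link));
    return 0;
}
```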
