Adobe Patches Flaws

December 20, 2004

Adobe issued a patch this week for several versions of its popular Acrobat software. The fixes clear up problems found in both Windows and Mac versions of Acrobat Reader and Acrobat Pro.

The vulnerabilities were in Adobe's core Flash, eBook and PNG libraries, which are part of Acrobat for Windows, Mac and Unix.

Adobe spokesman John Cristofano said no current malicious exploits of the vulnerabilities have been reported.

Greg MacManus of Reston, Va.-based iDEFENSE Labs, who first found the flaws in October, said remote exploitation of a buffer overflow in version 5.09 of Adobe Acrobat Reader for Unix could allow execution of arbitrary code.

“The vulnerability specifically exists in the function mailListIsPdf(). This function checks if the input file is an e-mail message containing a PDF. It unsafely copies user-supplied data using strcat into a fixed sized buffer,” iDEFENSE said in its alert.
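The unchecked strcat pattern iDEFENSE describes, next to a length-checked form, shown here as an added example that is not Adobe's code and not taken from the alert. The function names, the `check ` prefix and the 64-byte buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CMD_MAX 64  /* constructed size; the real buffer size is not on the page */

/* Unsafe pattern as described in the alert: strcat() appends user-supplied
 * data to a fixed-size buffer without checking that it fits.
 * (Hypothetical function, shown only for comparison.) */
void build_unsafe(char out[CMD_MAX], const char *user_path)
{
    strcpy(out, "check ");
    strcat(out, user_path);   /* writes past out[] when user_path is long */
}

/* Hardened form: compute the required length first and reject input that
 * does not fit, instead of overflowing or truncating silently.
 * Returns 0 on success, -1 if the input is rejected. */
int build_checked(char *out, size_t out_size, const char *user_path)
{
    static const char prefix[] = "check ";   /* hypothetical prefix */
    size_t plen = sizeof prefix - 1;
    size_t need;

    if (out == NULL || out_size == 0 || user_path == NULL)
        return -1;
    need = plen + strlen(user_path) + 1;      /* +1 for the terminating NUL */
    if (need > out_size) {
        out[0] = '\0';                        /* leave a valid empty string */
        return -1;
    }
    memcpy(out, prefix, plen);
    memcpy(out + plen, user_path, strlen(user_path) + 1);
    return 0;
}

int main(void)
{
    char buf[CMD_MAX];
    char long_input[4 * CMD_MAX];

    memset(long_input, 'A', sizeof long_input - 1);  /* constructed oversized input */
    long_input[sizeof long_input - 1] = '\0';

    printf("short input: %d\n", build_checked(buf, sizeof buf, "mail.pdf"));
    printf("long input:  %d\n", build_checked(buf, sizeof buf, long_input));
    return 0;
}
```

Rejecting oversized input outright, rather than truncating it, keeps a later file check from operating on a name the user did not supply.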

Adobe said the update is required for all supported languages, even though only the English and Japanese localizations have full, up-to-date patches released.

Cristofano said the vulnerabilities would also be covered in the upcoming Acrobat Professional and Standard version 7.0 software and corresponding Adobe Reader version 7.0.
