Friday, December 08, 2006

Adobe Reader and Adobe Acrobat 7 Security Update for Potential Vulnerabilities

Summary

Critical vulnerabilities have been identified in Adobe Reader and Acrobat 7.0 through 7.0.8 that could — although Adobe is not aware of any specific code exploits at this time — allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious file must be loaded by the end user for an attacker to exploit these vulnerabilities. It is recommended that users update to Adobe Reader 8 or apply the workaround provided below.

Affected software versions

Adobe Reader 7.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0 through 7.0.8 on the Windows platform when using Internet Explorer. Users of other browsers are not affected.
Solution

Adobe Reader 7.0 through 7.0.8 users should upgrade to Reader 8.

Adobe Reader 7.0 through 7.0.8 users who cannot upgrade to Reader 8, as well as Adobe Acrobat 7.0 through 7.0.8 users, should follow the directions below to update their installations:

1. Exit Internet Explorer, Adobe Reader, and Adobe Acrobat, if necessary.
2. Browse to :\Program Files\Adobe\Acrobat 7.0\ActiveX.
  • Note: If you did not install Acrobat to the default location, browse to the location of your Acrobat 7.0 folder.
3. Select AcroPDF.dll and delete it.
4. Download the AcroPDF.dll file provided here.
5. Copy the new AcroPDF.dll file in to the ActiveX directory.

Severity rating

Adobe categorizes this as a critical issue and recommends affected users uninstall any affected software.

Download: Adobe Reader 8
for Windows XP.
  • Note: Adobe Photoshop® Album Starter Edition is pre-checked at the download page. UNcheck that option if you do not want it included in the update.
From: Update available for potential vulnerabilities in Adobe Reader and Adobe Acrobat 7


No comments: