=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2007/VULN394
_____________________________________________________________________

DATE                      : 12/10/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Adobe PageMaker,
                            Systems running Adobe Illustrator CS3,
                            Systems running Adobe GoLive 9.

======================================================================
  http://www.adobe.com/support/security/bulletins/apsb07-15.html
  http://www.adobe.com/support/security/bulletins/apsb07-16.html
  http://www.adobe.com/support/security/bulletins/apsb07-17.html

______________________________________________________________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adobe Security Bulletins:
- - Patch available for PageMaker buffer overflow
vulnerability
- - Illustrator CS3 Update to Address Potential Security
Vulnerabilities
- - GoLive 9 Update to Address Potential Security
Vulnerabilities

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

APSB07-15 - Patch available for PageMaker buffer overflow
vulnerability

Originally posted: October 9, 2007

Summary:
A critical vulnerability has been identified in Adobe
PageMaker 7.0.1 and PageMaker 7.0.2 that could allow an
attacker who successfully exploits this vulnerability to
take control of the affected system. It is recommended that
users update their installations using the instructions
provided.

Severity Rating:
Adobe categorizes this update as critical
http://direct.adobe.com/r?xJlJvPvElTTcEcHHqJccJ

Adobe recommends that users apply this update to their
installations.  Learn more:
http://direct.adobe.com/r?xJlJvPvElTTqEcHHqJcJH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

APSB07-16 - Illustrator CS3 Update to Address Potential
Security Vulnerabilities

Originally posted: October 9, 2007

Summary:
Critical vulnerabilities have been identified in Illustrator
CS 3 that could allow an attacker who successfully exploits
these potential vulnerabilities to take control of the
affected system. A malicious BMP, DIB, RLE, or PNG must be
opened in Illustrator by the user for an attacker to exploit
these potential vulnerabilities.

Severity Rating:
Adobe categorizes this update as critical
http://direct.adobe.com/r?xJlJvPvElTTcEcHHqJccJ

Adobe recommends that users apply this update to their
installations.  Learn more:
http://direct.adobe.com/r?xJlJvPvElTvHEcHHqJccJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
APSB07-17 - GoLive 9 Update to Address Potential Security
Vulnerabilities

Originally posted: October 9, 2007

Summary:
Critical vulnerabilities have been identified in GoLive 9
that could allow an attacker who successfully exploits these
potential vulnerabilities to take control of the affected
system. A user must be convinced to insert a malicious BMP,
DIB, RLE, or into a GoLive document for an attacker to
exploit these potential vulnerabilities.

Severity Rating:
Adobe categorizes this update as critical
http://direct.adobe.com/r?xJlJvPvElTTcEcHHqJccJ

Adobe recommends that users update their installations.
Learn more:
http://direct.adobe.com/r?xJlJvPvElTvcEcHHqJccl

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ANY INFORMATION, PATCHES, DOWNLOADS, WORKAROUNDS, OR FIXES
PROVIDED BY ADOBE IN THIS BULLETIN ARE PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. ADOBE AND ITS SUPPLIERS
DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED OR
OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO
WARRANTY OF NON-INFRINGEMENT, TITLE, OR QUIET ENJOYMENT.
(USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OF
IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY
TO YOU. IN NO EVENT SHALL ADOBE, INC. OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT
LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
SPECIAL, PUNITIVE, COVER, LOSS OF PROFITS, BUSINESS
INTERRUPTION, OR THE LIKE, OR LOSS OF BUSINESS DAMAGES,
BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF
CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE),
PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADOBE, INC. OR ITS
SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN ADVISED OF
THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) SOME STATES
DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE EXCLUSION
OR LIMITATION MAY NOT APPLY TO YOU AND YOU MAY ALSO HAVE
OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE.

Adobe reserves the right, from time to time, to update
the information in this document with current information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================