===================================================================== CERT-Renater Note d'Information No. 2007/VULN400 _____________________________________________________________________ DATE : 23/10/2007 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Adobe Reader and Adobe Acrobat. ====================================================================== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Adobe Security Bulletin: - - Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ APSB07-18 - Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat Originally posted: October 22, 2007 Summary: Critical vulnerabilities have been identified in Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. This issue only affects customers on Windows XP with Internet Explorer 7 installed. A malicious file must be loaded in Adobe Reader or Acrobat by the end user for an attacker to exploit these vulnerabilities. It is recommended that affected users update to Adobe Reader 8.1.1 or Acrobat 8.1.1. This is an update to resolve the issue previously reported in Security Advisory APSA07-04. Severity Rating: Adobe categorizes this update as critical http://direct.adobe.com/r?xJllJHcElTWcEcHHqJcHH Adobe recommends that users apply this update to their installations. Learn more: http://direct.adobe.com/r?xJllJHcElTqJEcHHqJcHJ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ANY INFORMATION, PATCHES, DOWNLOADS, WORKAROUNDS, OR FIXES PROVIDED BY ADOBE IN THIS BULLETIN ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. ADOBE AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED OR OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO WARRANTY OF NON-INFRINGEMENT, TITLE, OR QUIET ENJOYMENT. (USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. IN NO EVENT SHALL ADOBE, INC. OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, COVER, LOSS OF PROFITS, BUSINESS INTERRUPTION, OR THE LIKE, OR LOSS OF BUSINESS DAMAGES, BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADOBE, INC. OR ITS SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE EXCLUSION OR LIMITATION MAY NOT APPLY TO YOU AND YOU MAY ALSO HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE. Adobe reserves the right, from time to time, to update the information in this document with current information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is an advertising message from Adobe Systems Incorporated, its affiliates and agents ("Adobe"), 345 Park Avenue, San Jose, CA 95110 USA. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'hôpital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================