• všechny e-ziny od 9/1999
  • celou databázi NEWS
  • soutěže 2000-2011
  • další články a BONUSY

Security - News


Crypto - News | Security - News

12 / 2004
Vybrali pro vás: TR - Tomáš Rosa, JP - Jaroslav Pinkava, PV - Pavel Vondruška, VK - Vlastimil Klíma

Dv? vážné chyby v Acrobatu - pro Windows, Mac OS X, Unix - existují záplaty

Adobe Systems has warned users of its Acrobat software for Windows, Mac OS X, and Unix systems of two serious flaws that could allow an attacker to execute arbitrary code through a malicious PDF (Portable Document Format) file distributed over e-mail. The first flaw affects the way Acrobat 6.0.2 parses .etd files used in eBook transactions, allowing an attacker to implant content in the 'title' or 'baseurl' fields to cause an invalid memory access, allowing code execution with the user's privileges. Earlier versions of Acrobat may also be affected. Users can work around the flaw by deleting eBook.api, though this will prevent Acrobat from handling eBooks. Another flaw in Reader 5.0.9 for Unix affects the mailListIsPdf e-mail function, and can be exploited in the same way as the first flaw. Adobe has released version 6.0.3 of both Acrobat and Reader and 5.0.10 of Reader to address the flaws.
Zdroj: http://www.eweek.com/article2/0,1759,1741481,00.asp
Autor: VK

Design: Webdesign