Two serious flaws in Acrobat - for Windows, Mac OS X, Unix - patches available
16.12.2004
Adobe Systems has warned users of its Acrobat software for Windows, Mac OS X, and Unix systems of two serious flaws that could allow an attacker to execute arbitrary code through a malicious PDF (Portable Document Format) file distributed over e-mail. The first flaw affects the way Acrobat 6.0.2 parses .etd files used in eBook transactions: an attacker can implant content in the 'title' or 'baseurl' fields to cause an invalid memory access, which allows code execution with the user's privileges. Earlier versions of Acrobat may also be affected. Users can work around the flaw by deleting eBook.api, though this will prevent Acrobat from handling eBooks. Another flaw in Reader 5.0.9 for Unix affects the mailListIsPdf e-mail function, and can be exploited in the same way as the first flaw. Adobe has released version 6.0.3 of both Acrobat and Reader and 5.0.10 of Reader to address the flaws.
Source: http://www.eweek.com/article2/0,1759,1741481,00.asp
Author: VK