Adobe has warned of a serious flaw affecting one of the most widely distributed client applications, Acrobat Reader. The flaw leaves users open to attack via maliciously crafted PDF files, which can be spread via e-mail attachments web page links, and can be used to take control of a system.
"Remote exploitation of a buffer overflow in Adobe Acrobat Reader for Unix could allow an attacker to execute arbitrary code," says security firm IDefense, which discovered the flaw, in an advisory. A number of bugs in Acrobat Reader have emerged in recent weeks, but none were particularly serious. The last serious flaw to affect Acrobat Reader was in December 2004, when Acrobat Reader 5.x and 6.x were hit by several vulnerabilities allowing remote attackers to execute malicious code.
Solution:
-
-- Linux and Solaris Platforms --
Update to Adobe Reader 7.0
-
-- IBM-AIX and HP-UX Platforms --
Update to Adobe Acrobat Reader 5.0.11
Download: Adobe Reader 7.0
News source: PCWorld.com