Adobe warns of a serious vulnerability in its popular Adobe Acrobat and Adobe Reader software

23 August 2005

Adobe has issued a Security Advisory warning of a serious vulnerability in the popular PDF creation suite Adobe Acrobat as well as in the free PDF reader software Adobe Reader.

The reported vulnerability is a buffer overflow within a core application plug-in in Adobe Acrobat and Adobe Reader. If this vulnerability were successfully exploited, it could crash the application and allow for remote execution of malicious code on the affected system. Exploitation could involve the creation of malicious PDF files that trigger system infection when opened, potentially giving an attacker complete control of an affected system.

This vulnerability affects Adobe Reader for Windows, Linux, Mac OS, and Solaris; as well as Adobe Acrobat for Windows and for Mac OS. Users are encouraged to update their Adobe Acrobat and Adobe Reader software as soon as possible by following the appropriate update instructions published in the Adobe Reader and Acrobat Security Update.

The free Adobe Reader is installed on a vast number of systems world-wide. However, as it is not part of the Windows update system it is likely that many users do not update this program regularly, increasing the risk of any future infection that exploits this vulnerability spreading fast.

Important:
We recommend that users patch their systems by downloading and installing critical updates as soon as possible.

Users are also encouraged to update their antivirus software daily and to install a firewall on their computers, if they do not have one already. For more information on firewalls, please read Microsoft's tutorial on how to protect your PC.

Commtouch® is a leading developer of anti virus software and anti spam filtering services. Commtouch's anti virus computer software, F-PROT Antivirus, is available for a number of operating systems such as Windows, Linux, BSD, Solaris, and AIX as well as the Microsoft Exchange groupware.

1993-2013 © CYREN