Adobe Reader - WARNING

[Gordon Darling]

http://www.theinquirer.net/?article=14530

Adobe Reader leaks data like a sieve

By INQUIRER staff: Friday 05 March 2004, 07:36 AN AUSTRALIAN security
consulting firm has told users Acrobat Reader version 5.1 has a highly
critical vulnerability that could lead to the leaking of data.

NGSSoftware found a data format buffer overflow in which could potentially
be exploited to compromise a user's system.

Apparently the vulnerability is caused due to a boundary error within the
debugging functionality when parsing documents in the XML forms data
format (".xfdf").

A hacker using the flaw could trick a users into looking at a doctored
XFDF document which could trigger a buffer overflow.

NGSSoftware contacted Adobe about the flaw and been told that the latest
version of the reader, 6.0, did not suffer from it. It has recommended to
all its clients that they upgrade immediately. µ

Regards
Gordon

 

[John Corliss]

http://www.theinquirer.net/?article=14530

Adobe Reader leaks data like a sieve

By INQUIRER staff: Friday 05 March 2004, 07:36 AN AUSTRALIAN security
consulting firm has told users Acrobat Reader version 5.1 has a highly
critical vulnerability that could lead to the leaking of data.

NGSSoftware found a data format buffer overflow in which could potentially
be exploited to compromise a user's system.

Apparently the vulnerability is caused due to a boundary error within the
debugging functionality when parsing documents in the XML forms data
format (".xfdf").

A hacker using the flaw could trick a users into looking at a doctored
XFDF document which could trigger a buffer overflow.

NGSSoftware contacted Adobe about the flaw and been told that the latest
version of the reader, 6.0, did not suffer from it. It has recommended to
all its clients that they upgrade immediately. µ

Great. Now I have to use that bloated, slow piece of shit, 6.0. I
wonder if that version still has that bug that keeps a module running
when you view a .pdf file online, leading inevitably to a lockup of
Mozilla.

 

[JeffG]

http://www.theinquirer.net/?article=14530

Adobe Reader leaks data like a sieve

By INQUIRER staff: Friday 05 March 2004, 07:36 AN AUSTRALIAN security
consulting firm has told users Acrobat Reader version 5.1 has a highly
critical vulnerability that could lead to the leaking of data.

NGSSoftware found a data format buffer overflow in which could potentially
be exploited to compromise a user's system.

Apparently the vulnerability is caused due to a boundary error within the
debugging functionality when parsing documents in the XML forms data
format (".xfdf").

A hacker using the flaw could trick a users into looking at a doctored
XFDF document which could trigger a buffer overflow.

NGSSoftware contacted Adobe about the flaw and been told that the latest
version of the reader, 6.0, did not suffer from it. It has recommended to
all its clients that they upgrade immediately. µ

Regards
Gordon

Two questions: 1. Is the Inquirer a reliable source of information like
this? 2. If this is true does 5.0 have the same vulnerability as 5.1? JG

 

[Chakolate]

NGSSoftware contacted Adobe about the flaw and been told that the latest
version of the reader, 6.0, did not suffer from it. It has recommended to
all its clients that they upgrade immediately. µ

Not a chance. True, I don't use Adobe for particularly sensitive
documents, but I simply refuse to go back to 6.0. Uses up far too many
resources, takes forever to load, etc.

So what's a good replacement? Is there another free .pdf reader out there?

Chakolate

 

[Martin Cleaver]

Great. Now I have to use that bloated, slow piece of shit,
6.0.

There are plenty of ways to speed it up and fight the flab...
You just have to move all the plug-ins out of the main
directory in to a different one.

Rgds

Martin

 

[]-[emLok]

-----BEGIN PGP SIGNED MESSAGE-----

Gordon Darling wrote:
[snip]

Great. Now I have to use that bloated, slow piece of shit, 6.0. I
wonder if that version still has that bug that keeps a module
running when you view a .pdf file online, leading inevitably to a
lockup of Mozilla.

Yes, it still has that bug. I've griped about that for years and it
still remains. Sometimes it closes, sometimes it does not.

/]-[emLok

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQEVAwUBQEjlikYFGkzwafvLAQGamQf8CilgKLxf3VqeyJv2CzdNAEsdILyMZgjI
rHll52OCXWEF0VWopN47nOBjhy5PQ5sCjsBLWSGHYdrQ6/B81IrFCfGu5LOzhcNR
B59Zp4iIialQChHR4yrLwGpiffw6KvTnz5rMjEy8//khC1ffclBqi6lbFMxSvB3U
22iMuR/TA+03vWa1WBB9s6cmYK/eyVD4Zk9cZnuTAX7BOaHGpTLDPelEfgY0BNGQ
azakZhIG8FrTvOE4DRbfhb9mAzc2crYEuK/0nYl6ZZhLeFcYohEY/YlHJjS/957X
UYisMvSTmSHPmuSZQTFNUpYnP9QbP7JZoAnjydPzBDw6TBpg+ExH5w==
=9Vss
-----END PGP SIGNATURE-----

-
A cat that meoweth much catcheth but few mice.

 

[Richard]

Yes, it still has that bug. I've griped about that for years and it
still remains. Sometimes it closes, sometimes it does not.

Which is the best older version to use??

Thanks

 

[D.R]

Not a chance. True, I don't use Adobe for particularly sensitive
documents, but I simply refuse to go back to 6.0. Uses up far too many
resources, takes forever to load, etc.

So what's a good replacement? Is there another free .pdf reader out there?

I concur! Ever try to install 6.0 on anything less than
a PIII? Takes forever just to unpack the installer, let
alone the vast expanse of harddisk real estate the program
occupies - just to read a few .pdfs files. Shheeessssh!!

 

[William F. Adams]

Well, I was using the Glassbook Reader (managed to find a beta somewhere).

Unfortunately, that company was bought out by Adobe which morphed their program
into the Adobe eBook Reader --- if you check groups.google.com you should find
a link which was recently posted for it to comp.sys.pen

There's xpdf for Linux, and a pdfviewer for GNUstep was announced a while back,
but AFAIK, neither of these helps Windows users at this time.

William

 

[Herbert Nagler]

Richard wrote:
----snip----

Which is the best older version to use??

Thanks

----------------
I went back to Version 4.0, have no problems at all.
If you can't find it on the net, look on old software installation CDs,
which came with your peripherals, like printers, scanners, driver CDs, CD
burner software, ISP discs, Soundcard, camera software, old operating discs
(W98SE) and so on.

Good luck
H.N.

 

[Joe]

Richard wrote:
----snip----

----------------
I went back to Version 4.0, have no problems at all.
If you can't find it on the net, look on old software installation CDs,
which came with your peripherals, like printers, scanners, driver CDs, CD
burner software, ISP discs, Soundcard, camera software, old operating discs
(W98SE) and so on.

Good luck
H.N.

I beg your pardon. "W98SE, is "old"? Oh, that is right! Going from
Windows 3.11, to Windows 95, to Windows '98, to Windows '98SE to the
next iteration '03, makes all previous versions, obsolete and no
longer supported. I am way behind the latest MS operating system. It
appears it's all about money. Money equals information. However,
IMO, a company should not abandon support in just a few years. Maybe,
I'm just not up to the velocity of change.

Joe

 

[Joe]

Oop's! I'm off-topic. Sorry!

Joe

 

[Shel]

AN AUSTRALIAN security consulting firm has told users Acrobat Reader
version 5.1 has a highly critical vulnerability that could lead to the
leaking of data.

I have version 4.05; does this have the vulnerability?

Thanks.

 

[Tritoneur]

I concur! Ever try to install 6.0 on anything less than

a PIII? Takes forever just to unpack the installer, let
alone the vast expanse of harddisk real estate the program
occupies - just to read a few .pdfs files. Shheeessssh!!

Try this.

ADOBE READER SPEED-UP V1.12
===========================
Author : Joseph Cox
Website : http://www.tnk-bootblock.co.uk
Forum : http://www.tnk-bootblock.co.uk/forum
Released: 1st January, 2004.


SUPPORTS
--------
This software supports the speed-up of the following:
(Note: Both free and full versions are supported)

Adobe Acrobat 3.0 (experimental)
Adobe Acrobat 4.0
Adobe Acrobat 4.0.5
Adobe Acrobat 5.0
Adobe Acrobat 5.1
Adobe Acrobat 5.5
Adobe Reader 6.0
Adobe Reader 6.0.1


PURPOSE
-------
Adobe Reader Speed-Up (ARSU) was created in an effort to automate
the process of speeding up Adobe Reader's launch time by
disabling the majority of plugins that are, quite franky,
completely useless for most users.

If the program gives you an error when you try to run it,
then you require the VB Runtimes pack. Download it here:
http://www.tnk-bootblock.co.uk/prods/vbruntimes/index.php

When the program is up and running, select your Adobe
Reader directory if you are prompted to via the Change Settings
link on the first step, then click Next and select the
type of speed up you require ("SpeedUp - Fast" is recommended),
and finally click on the Start button.

If you should require to revert back to the original slow
loading state, then run the program again and select Restore
Original Configuration and click on Start.

For information on what the plugins do, click on the Plugin
Help button in the step with the list of plugins. Then click
on a plugin to display its respective information.

That's all there is to it.

 

[Richard]

I went back to Version 4.0, have no problems at all.
If you can't find it on the net, look on old software installation CDs,
which came with your peripherals, like printers, scanners, driver CDs, CD
burner software, ISP discs, Soundcard, camera software, old operating discs
(W98SE) and so on.

Good luck
H.N.

Thanks. I found version 4 at
http://www.oldversion.com/program.php?n=acrobat

 

[John Corliss]

Richard wrote:
----snip----


----------------
I went back to Version 4.0, have no problems at all.
If you can't find it on the net, look on old software installation CDs,
which came with your peripherals, like printers, scanners, driver CDs, CD
burner software, ISP discs, Soundcard, camera software, old operating discs
(W98SE) and so on.

Here is the best place to get it:

http://www.adobe.com/products/acrobat/reader_archive.html

 

[John Corliss]

Gordon Darling wrote:
[snip]
Great. Now I have to use that bloated, slow piece of shit, 6.0. I
wonder if that version still has that bug that keeps a module
running when you view a .pdf file online, leading inevitably to a
lockup of Mozilla.

Yes, it still has that bug. I've griped about that for years and it
still remains. Sometimes it closes, sometimes it does not.

Thanks for your reply, Hemlock.

It actually does close completely for you sometimes, huh? For me, if
the .pdf file actually opens in Mozilla using the Acrobat plugin, then
that process keeps running. If the .pdf file opens in a free standing
instance of Acrobat Reader (and I never know when it's going to do
this) then the process isn't present.

Frankly, I wish .pdf files would go away. I'll actually avoid a
website in a search engine hit list if it shows that going there will
open a .pdf file.

 

[John Corliss]

Try this.

ADOBE READER SPEED-UP V1.12
===========================
Author : Joseph Cox
Website : http://www.tnk-bootblock.co.uk
Forum : http://www.tnk-bootblock.co.uk/forum
Released: 1st January, 2004.


SUPPORTS
--------
This software supports the speed-up of the following:
(Note: Both free and full versions are supported)

Adobe Acrobat 3.0 (experimental)
Adobe Acrobat 4.0
Adobe Acrobat 4.0.5
Adobe Acrobat 5.0
Adobe Acrobat 5.1
Adobe Acrobat 5.5
Adobe Reader 6.0
Adobe Reader 6.0.1

Thanks! I was looking for this one.

 

[John Corliss]

There are plenty of ways to speed it up and fight the flab...
You just have to move all the plug-ins out of the main
directory in to a different one.

I remember reading that in this group. Thanks for reminding me.

 

[Luigi M Bianchi]

(e-mail address removed) (William F. Adams) wrote in

Don't forget AFPL ghostscript v8.14 (with the ghostview v4.6,
frontend). It loads very quickly and handles pdf files (and of of course
ps and ps.gz files). URL: <http://www.ghostscript.com/>


/luigi



Luigi M Bianchi
Science and Technology Studies
Room 2048 TEL Building
York University, 4700 Keele St, Toronto, Ontario, Canada M3J-1P3
phone: +1 (416) 736-2100 x-30104 fax: +1 (416) 736-5188
mail: lbianchi at yorku dot ca http://www.yorku.ca/sasit/sts/