Got Adobe Reader? Worry.

  • Thread starter Thread starter Alias
  • Start date Start date
Alias said:
http://www.computerworld.com/action...ArticleBasic&articleId=9129163&intsrc=hm_list

From the article:

"The next day, Wednesday, Belgian security researcher Didier Stevens said
he also had crafted an exploit that triggers the bug without requiring
JavaScript, and backed up his claim by publicly posting proof-of-concept
attack code. His exploit works in the background, and doesn't require that
a user actually open a malformed PDF file."

Alias
Click to expand...

You are really grasping at straws. If you have an up to date antivirus on
your machine you will be fine. If you use some piece of SHIT OS Ubuntu for
example, you can't do any work because Ubuntu isn't compatable with the
popular programs out there.

Ubuntu was written by geeks for geeks who can't get laid.

Imagine, Ubuntu is FREE and NOBODY wants it.
 
webster72n said:
What exactly are the details on this "exploit"?
Click to expand...


It's another of these warnings where the user can get an exploit but the
conditions are beyond reasonable use. Foxit is a better PDF reader anyway..
 
I agree about Foxit is a better pdf reader. What I like most about Foxit is
it uses less memory. Compare to what Adobe reader uses.
 
Mike Hall - MVP said:
It's another of these warnings where the user can get an exploit but the
conditions are beyond reasonable use. Foxit is a better PDF reader anyway..
Click to expand...

Only if you don't care what the file looks like when you read it. I
stopped using alternatives to Acrobat reader when I realized how
crappy some renderings were with them.
 
Ravenshadow said:
I agree about Foxit is a better pdf reader. What I like most about Foxit is
it uses less memory. Compare to what Adobe reader uses.
Click to expand...

That, and the speed at which it loads are two good reasons for using
it, but I prefer the appearance of PDF files when read with Acrobat
Reader.

Besides, most systems today have plenty of RAM and are fast enough so
that those features are really just something that techies get
enthused about. SOME techies. Not this one.
 
Mike Torello said:
That, and the speed at which it loads are two good reasons for using
it, but I prefer the appearance of PDF files when read with Acrobat
Reader.

Besides, most systems today have plenty of RAM and are fast enough so
that those features are really just something that techies get
enthused about. SOME techies. Not this one.
Click to expand...

My PC has AMD 64 X2 3800+ with 3GB DDR2. I still enjoy running foxit compare
to the other one. Planning on upgrading the processor to a AMD 64 X2 5600+
soon. Which is close to max this mobo can handle. Which will be good enough
for my needs.
 
Spanky said:
You are really grasping at straws. If you have an up to date antivirus
on your machine you will be fine.
Click to expand...

Chuckle. It's not a virus, dumb ****.

Snip the usual copy and paste bullshit.

Alias
 
Alias said:
Chuckle. It's not a virus, dumb ****.

Snip the usual copy and paste bullshit.

Alias
Click to expand...

so dipshit. Adobe will fix the reader next week. On the computer will be a
popup asking to install a new version. No problem. Now, if you had Ubuntu
you would have a MAJOR problem. that problem would be your ****ing
applications WON'T work. The most popular applications will not work on
Ubuntu. That means Ubuntu is worthless. What a ****tard you are.
 
It is not the reader that has the vulnalibity but the Adobe Flash Player

Flash Player 10.0.22.87 Security Update

Flash Player update available to address security vulnerabilities

Severity rating:
Adobe categorizes this as a critical update and recommends affected
users upgrade to version 10.0.22.87.

Release date: February 24, 2009
Vulnerability identifier: APSB09-01

CVE number: CVE-2009-0519, CVE-2009-0520, CVE-2009-0522, CVE-2009-0114,
CVE-2009-0521

Platform: All Platforms
Summary
A potential vulnerability has been identified in Adobe Flash Player
10.0.12.36 and earlier that could allow an attacker who successfully
exploits this potential vulnerability to take control of the affected
system. A malicious SWF must be loaded in Flash Player by the user for
an attacker to exploit this potential vulnerability. Additional
vulnerabilities have been addressed in this update. Adobe recommends
users update to the most current version of Flash Player available for
their platform.

Affected software versions
Adobe Flash Player 10.0.12.36 and earlier (Adobe Flash Player 10.0.15.3
and earlier for Linux)

To verify the Adobe Flash Player version number, access the About Flash
Player page, or right-click on Flash content and select "About Adobe (or
Macromedia) Flash Player" from the menu. If you use multiple browsers,
perform the check for each browser you have installed on your system.
Test Adobe Shockwave & Flash Players:
http://www.adobe.com/shockwave/welcome/

Solution:
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier
versions upgrade to the newest version 10.0.22.87 by downloading it from
the Player Download Center: http://get.adobe.com/flashplayer/ or by
using the auto-update mechanism within the product when prompted.
For users who cannot update to Flash Player 10, Adobe has developed a
patched version of Flash Player 9, Flash Player 9.0.159.0, which can be
downloaded from the following link: http://www.adobe.com/go/kb406791

Details:
This update resolves a buffer overflow issue that could potentially
allow an attacker to execute arbitrary code. (CVE-2009-0520)
This update resolves an input validation issue that leads to a Denial of
Service (DoS); arbitrary code execution has not been demonstrated, but
may be possible. (CVE-2009-0519)

An update to the Flash Player settings manager display page on Adobe.com
has been deployed to avoid a potential Clickjacking issue variant for
Flash Player. The Settings Manager is a special control panel that runs
on your local computer but is displayed within and accessed from the
Adobe website. (CVE-2009-0114)
This update resolves a Windows-only issue with mouse pointer display
that could potentially contribute to a Clickjacking attack.
(CVE-2009-0522)
This update prevents a potential Linux-only information disclosure issue
in the Flash Player binary that could lead to privilege escalation.
(CVE-2009-0521)
Full details:
http://www.adobe.com/support/security/bulletins/apsb09-01.html

Flash Player Downloads: All Systems & Browsers:
http://www.adobe.com/shockwave/download/alternates/
 
Peter said:
It is not the reader that has the vulnalibity but the Adobe Flash Player
Click to expand...

Adobe Acrobat and Reader have a vulnerability as well. Adobe has not
yet released a fix for these.

http://www.adobe.com/support/security/advisories/apsa09-01.html

"A critical vulnerability has been identified in Adobe Reader 9 and
Acrobat 9 and earlier versions. This vulnerability would cause the
application to crash and could potentially allow an attacker to take
control of the affected system. There are reports that this issue is
being exploited.

Adobe is planning to release updates to Adobe Reader and Acrobat to
resolve the relevant security issue. Adobe expects to make available an
update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009..."

http://www.theregister.co.uk/2009/03/05/click_free_pdf_peril/

"An unpatched flaw in Adobe Acrobat and Reader might be exploited
without even needing to trick a surfer into opening a maliciously
constructed file."
 
Mike said:
It's another of these warnings where the user can get an exploit but the
conditions are beyond reasonable use...
Click to expand...

This flaw appears to be one that's being actively exploited.

http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219

"The Shadowserver Foundation has recently become aware of a very severe
vulnerability in Adobe Acrobat affecting versions 8.x and 9 that is
currently on the loose in the wild and being actively exploited..."
 
Peter Foldes said:
It is not the reader that has the vulnalibity but the Adobe Flash Player

Flash Player 10.0.22.87 Security Update

Flash Player update available to address security vulnerabilities

Severity rating:
Adobe categorizes this as a critical update and recommends affected
users upgrade to version 10.0.22.87.

Release date: February 24, 2009
Vulnerability identifier: APSB09-01

CVE number: CVE-2009-0519, CVE-2009-0520, CVE-2009-0522, CVE-2009-0114,
CVE-2009-0521

Platform: All Platforms
Summary
A potential vulnerability has been identified in Adobe Flash Player
10.0.12.36 and earlier that could allow an attacker who successfully
exploits this potential vulnerability to take control of the affected
system. A malicious SWF must be loaded in Flash Player by the user for
an attacker to exploit this potential vulnerability. Additional
vulnerabilities have been addressed in this update. Adobe recommends
users update to the most current version of Flash Player available for
their platform.

Affected software versions
Adobe Flash Player 10.0.12.36 and earlier (Adobe Flash Player 10.0.15.3
and earlier for Linux)

To verify the Adobe Flash Player version number, access the About Flash
Player page, or right-click on Flash content and select "About Adobe (or
Macromedia) Flash Player" from the menu. If you use multiple browsers,
perform the check for each browser you have installed on your system.
Test Adobe Shockwave & Flash Players:
http://www.adobe.com/shockwave/welcome/

Solution:
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier
versions upgrade to the newest version 10.0.22.87 by downloading it from
the Player Download Center: http://get.adobe.com/flashplayer/ or by
using the auto-update mechanism within the product when prompted.
For users who cannot update to Flash Player 10, Adobe has developed a
patched version of Flash Player 9, Flash Player 9.0.159.0, which can be
downloaded from the following link: http://www.adobe.com/go/kb406791

Details:
This update resolves a buffer overflow issue that could potentially
allow an attacker to execute arbitrary code. (CVE-2009-0520)
This update resolves an input validation issue that leads to a Denial of
Service (DoS); arbitrary code execution has not been demonstrated, but
may be possible. (CVE-2009-0519)

An update to the Flash Player settings manager display page on Adobe.com
has been deployed to avoid a potential Clickjacking issue variant for
Flash Player. The Settings Manager is a special control panel that runs
on your local computer but is displayed within and accessed from the
Adobe website. (CVE-2009-0114)
This update resolves a Windows-only issue with mouse pointer display
that could potentially contribute to a Clickjacking attack.
(CVE-2009-0522)
This update prevents a potential Linux-only information disclosure issue
in the Flash Player binary that could lead to privilege escalation.
(CVE-2009-0521)
Full details:
http://www.adobe.com/support/security/bulletins/apsb09-01.html

Flash Player Downloads: All Systems & Browsers:
http://www.adobe.com/shockwave/download/alternates/
Click to expand...
 
TomV said:
Adobe Acrobat and Reader have a vulnerability as well. Adobe has not yet
released a fix for these.

http://www.adobe.com/support/security/advisories/apsa09-01.html

"A critical vulnerability has been identified in Adobe Reader 9 and
Acrobat 9 and earlier versions. This vulnerability would cause the
application to crash and could potentially allow an attacker to take
control of the affected system. There are reports that this issue is being
exploited.

Adobe is planning to release updates to Adobe Reader and Acrobat to
resolve the relevant security issue. Adobe expects to make available an
update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009..."

http://www.theregister.co.uk/2009/03/05/click_free_pdf_peril/

"An unpatched flaw in Adobe Acrobat and Reader might be exploited without
even needing to trick a surfer into opening a maliciously constructed
file."
Click to expand...

Doesn't sound good at all, Tom.
Maybe switching to FR would be better, only thing is I am used to Adobe.

Harry.
 
Peter said:
It is not the reader that has the vulnalibity but the Adobe Flash Player

Flash Player 10.0.22.87 Security Update

Flash Player update available to address security vulnerabilities

Severity rating:
Adobe categorizes this as a critical update and recommends affected
users upgrade to version 10.0.22.87.

Release date: February 24, 2009
Vulnerability identifier: APSB09-01

CVE number: CVE-2009-0519, CVE-2009-0520, CVE-2009-0522, CVE-2009-0114,
CVE-2009-0521

Platform: All Platforms
Summary
A potential vulnerability has been identified in Adobe Flash Player
10.0.12.36 and earlier that could allow an attacker who successfully
exploits this potential vulnerability to take control of the affected
system. A malicious SWF must be loaded in Flash Player by the user for
an attacker to exploit this potential vulnerability. Additional
vulnerabilities have been addressed in this update. Adobe recommends
users update to the most current version of Flash Player available for
their platform.

Affected software versions
Adobe Flash Player 10.0.12.36 and earlier (Adobe Flash Player 10.0.15.3
and earlier for Linux)

To verify the Adobe Flash Player version number, access the About Flash
Player page, or right-click on Flash content and select "About Adobe (or
Macromedia) Flash Player" from the menu. If you use multiple browsers,
perform the check for each browser you have installed on your system.
Test Adobe Shockwave & Flash Players:
http://www.adobe.com/shockwave/welcome/

Solution:
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier
versions upgrade to the newest version 10.0.22.87 by downloading it from
the Player Download Center: http://get.adobe.com/flashplayer/ or by
using the auto-update mechanism within the product when prompted.
For users who cannot update to Flash Player 10, Adobe has developed a
patched version of Flash Player 9, Flash Player 9.0.159.0, which can be
downloaded from the following link: http://www.adobe.com/go/kb406791

Details:
This update resolves a buffer overflow issue that could potentially
allow an attacker to execute arbitrary code. (CVE-2009-0520)
This update resolves an input validation issue that leads to a Denial of
Service (DoS); arbitrary code execution has not been demonstrated, but
may be possible. (CVE-2009-0519)

An update to the Flash Player settings manager display page on Adobe.com
has been deployed to avoid a potential Clickjacking issue variant for
Flash Player. The Settings Manager is a special control panel that runs
on your local computer but is displayed within and accessed from the
Adobe website. (CVE-2009-0114)
This update resolves a Windows-only issue with mouse pointer display
that could potentially contribute to a Clickjacking attack.
(CVE-2009-0522)
This update prevents a potential Linux-only information disclosure issue
in the Flash Player binary that could lead to privilege escalation.
(CVE-2009-0521)
Full details:
http://www.adobe.com/support/security/bulletins/apsb09-01.html

Flash Player Downloads: All Systems & Browsers:
http://www.adobe.com/shockwave/download/alternates/
Click to expand...

Not related.

Alias
 
Frank said:
Proving my point...again?...LOL!
Oh and thanks sheep-fukker!
Click to expand...

Your "point" was I can get it with Linux Adobe reader. I stated I don't
use Adobe Reader in Linux and I proved your point? Please explain if you
can (you can't).

Alias
 
TomV said:
This flaw appears to be one that's being actively exploited.

http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219

"The Shadowserver Foundation has recently become aware of a very severe
vulnerability in Adobe Acrobat affecting versions 8.x and 9 that is
currently on the loose in the wild and being actively exploited..."
Click to expand...


And as Adobe will not fix the problem immediately, now would be a good time
to dump Adobe Reader for Foxit, yes?
 
Back
Top