(RHSA-2008:0144) Critical: acroread security update

2008-02-22T05:00:00
ID RHSA-2008:0144
Type redhat
Reporter RedHat
Modified 2018-05-26T04:26:18

Description

The Adobe Reader allows users to view and print documents in portable document format (PDF).

Several flaws were found in the way Adobe Reader processed malformed PDF files. An attacker could create a malicious PDF file which could execute arbitrary code if opened by a victim. (CVE-2007-5659, CVE-2007-5663, CVE-2007-5666, CVE-2008-0726)

A flaw was found in the way the Adobe Reader browser plug-in honored certain requests. A malicious PDF file could cause the browser to request an unauthorized URL, allowing for a cross-site request forgery attack. (CVE-2007-0044)

A flaw was found in Adobe Reader's JavaScript API DOC.print function. A malicious PDF file could silently trigger non-interactive printing of the document, causing multiple copies to be printed without the users consent. (CVE-2008-0667)

Additionally, this update fixes multiple unknown flaws in Adobe Reader. When the information regarding these flaws is made public by Adobe, it will be added to this advisory. (CVE-2008-0655)

Note: Adobe have yet to release security fixed versions of Adobe 7. All users of Adobe Reader are, therefore, advised to install these updated packages. They contain Adobe Reader version 8.1.2, which is not vulnerable to these issues.