ALARM Group ALERT
Alert Number: 010807-01
Alert Date: 01/08/07
Alert Title: Updated version of Adobe Acrobat/Reader addresses vulnerability
Update-to: None
OS/Platform/Application: Adobe Acrobat (Standard, Professional, Elements, 3D) and Reader version 7.0.8 and earlier on Windows and Linux systems
Category: ALERT
Severity: MEDIUM
Attention: System Administrators, Desktop Support Personnel, Users of Adobe products on Windows/Linux systems
Summary: A cross-site scripting ("XSS") vulnerability has been discovered in Adobe Systems' popular Acrobat and Reader products. Exploitation of this vulnerability could result in remote code execution. The vendor rates the severity of this vulnerability as "Important"; various Internet security monitoring agencies rate it "moderately critical" to "critical".
Recommended Actions: Adobe Reader version 8.0.0 fixes this vulnerability. System administrators and Adobe users are encouraged to read the information about this vulnerability and the update (links provided below) and to install the updated version of this software at their earliest convenience.
ITS Actions: At this time, ITS is taking no specific additional actions to address this vulnerability. An update will be issued if the situation changes.
Resources:
Adobe security advisory:
http://www.adobe.com/support/security/advisories/apsa07-01.html
Adobe 8.0.0 update page:
http://www.adobe.com/products/acrobat/readstep2.html
FrSIRT advisory:
http://www.frsirt.com/english/advisories/2007/0032
Secunia advisory:
http://secunia.com/advisories/23483/
SANS advisory:
http://isc.sans.org/diary.html?storyid=1999