ALARM Group ALERT - click for a description of ALARM, The Computing Alert System Alert Number:  011007-01 Alert Date:  01/10/07 Alert Title:  UPDATE: Adobe releases upgrade option for vulnerable Acrobat/Reader versions Update-to:   010807-01 "Updated version of Adobe Acrobat/Reader addresses vulnerability" OS/Platform/Application:  Adobe Acrobat (Standard, Professional, Elements, 3D) and Reader version 7.0.8 and earlier on Windows and Linux systems Category:  UPDATE Severity:  MEDIUM Attention:  System Administrators, Desktop Support Personnel, Users of Adobe products on Windows/Linux systems

Summary:   Adobe Systems recently released version 8 of its popular reader application to address a Cross-site scripting ("XSS") vulnerability that could allow an attacker to execute arbitrary code on a remote system.  On January 9 2007 Adobe released version 7.0.9 of its reader program to provide a secured version of its application to users that cannot upgrade to version 8.

Recommended Actions:  Users of Adobe Acrobat and reader 7.0.8 or earlier who cannot upgrade to version 8 of Reader are strongly encouraged to upgrade to 7.0.9 at their earliest convenience.  Please note that the Adobe Reader update page is designed to automatically guide the viewer to install version 8; to install version 7.0.9, go to the "download the latest version of reader" page (link provided below), then click on "Choose a different version", Select your operating system, and click "continue".  This action should produce an option screen that will allow you to download version 7.0.9 of Reader.

ITS Actions: At this time, ITS is taking no specific additional actions to address this vulnerability.  An update will be issued if the situation changes.

Resources:

Adobe security advisory:
http://www.adobe.com/support/security/bulletins/apsb07-01.html


Adobe Reader update page (use instructions above to reach 7.0.9):
http://www.adobe.com/go/getreader