Rapid7 Vulnerability & Exploit Database

RHSA-2008:0144: acroread security update


Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 02/12/2008
Created: 07/25/2018
Added: 03/10/2008
Modified: 06/09/2022

Description

The Adobe Reader allows users to view and print documents in portable document format (PDF).

Several flaws were found in the way Adobe Reader processed malformed PDF files. An attacker could create a malicious PDF file which could execute arbitrary code if opened by a victim. (CVE-2007-5659, CVE-2007-5663, CVE-2007-5666, CVE-2008-0726)

A flaw was found in the way the Adobe Reader browser plug-in honored certain requests. A malicious PDF file could cause the browser to request an unauthorized URL, allowing for a cross-site request forgery attack. (CVE-2007-0044)

A flaw was found in Adobe Reader's JavaScript API DOC.print function. A malicious PDF file could silently trigger non-interactive printing of the document, causing multiple copies to be printed without the user's consent. (CVE-2008-0667)

Additionally, this update fixes multiple unknown flaws in Adobe Reader. When the information regarding these flaws is made public by Adobe, it will be added to this advisory. (CVE-2008-0655)

Note: Adobe has yet to release security-fixed versions of Adobe 7. All users of Adobe Reader are, therefore, advised to install these updated packages. They contain Adobe Reader version 8.1.2, which is not vulnerable to these issues.

Solution(s)

  • redhat-upgrade-acroread-plugin
