[Analysis Details] Adobe Describes Holes, Offered Patches in Security

[Analysis Details] Adobe Describes Holes, Offered Patches in Security http://www.dslreports.com/forum/r20451716 en Thu, 08 Jan 2009 02:49:41 EDT Thu, 08 Jan 2009 02:49:41 EDT Re: [Analysis Details] Adobe Describes Holes, Offered Patches http://www.dslreports.com/forum/remark,20556518 Name Game : How true..but they seem to respond faster to those vulnerabilites...

»Foxit Reader "util.printf()" Buffer Overflow Vulnerability
and I have yet to see one in the wild. ;)]]> http://www.dslreports.com/forum/remark,20556518 Thu, 29 May 2008 08:49:23 EDT Re: [Analysis Details] Adobe Describes Holes, Offered Patches http://www.dslreports.com/forum/remark,20555848 C DM :

said by Name Game

:

I have given up on Adobe reader now completely..Foxit reader is so much more compact..free and does a great job.
Incredibly small: The download size of Foxit Reader is only 2.55 M which is a fraction of Acrobat Reader 20 M size.

»www.foxitsoftware.com/pdf/rd_intro.php

If you want some other ideas and comparisons see here

»www.technospot.net/blogs/5-popul···-tested/

Foxit is a pretty good reader. However, this being a security-focused thread (more or less), it should be mentioned it also has security holes (pretty much just like anything else out there).]]> http://www.dslreports.com/forum/remark,20555848 Thu, 29 May 2008 01:56:24 EDT Re: [Analysis Details] Adobe Describes Holes, Offered Patches http://www.dslreports.com/forum/remark,20543952 Name Game : I have given up on Adobe reader now completely..Foxit reader is so much more compact..free and does a great job.
Incredibly small: The download size of Foxit Reader is only 2.55 M which is a fraction of Acrobat Reader 20 M size.

»www.foxitsoftware.com/pdf/rd_intro.php

If you want some other ideas and comparisons see here

»www.technospot.net/blogs/5-popul···-tested/]]> http://www.dslreports.com/forum/remark,20543952 Mon, 26 May 2008 23:50:38 EDT Re: [Analysis Details] Adobe Describes Holes, Offered Patches http://www.dslreports.com/forum/remark,20543734 Libra : Thanks for that link, Cudni. As a result, I removed version 7.0.8 and installed 7.1.0 last week.

Sincerely, Libra]]> http://www.dslreports.com/forum/remark,20543734 Mon, 26 May 2008 22:52:49 EDT Re: [Analysis Details] Adobe Describes Holes, Offered Patches http://www.dslreports.com/forum/remark,20458417 Cudni : also
»Adobe Security Advisory:

Cudni]]> http://www.dslreports.com/forum/remark,20458417 Fri, 09 May 2008 17:57:49 EDT Re: [Analysis Details] Adobe Describes Holes, Offered Patches http://www.dslreports.com/forum/remark,20458374 Libra : Hi NameGame,
Thank you for the information.
I have Adobe Reader 7.0.8 installed on the XP computer. In view of past vulnerabilities I set it within the program to not access the internet and also turned off javascript. Also, it would only be used in a limited user account. Do I have to be concerned about this version?
Sincerely, Libra]]> http://www.dslreports.com/forum/remark,20458374 Fri, 09 May 2008 17:48:08 EDT [Analysis Details] Adobe Describes Holes, Offered Patches http://www.dslreports.com/forum/remark,20451716 Name Game : Adobe Describes Holes, Offers Patches

Three months after acknowledging multiple vulnerabilities in its popular Reader software and then patching the program, Adobe Tuesday finally provided some details about the bugs.

In a security bulletin issued Tuesday, Adobe listed eight vulnerabilities -- most of them critical -- that it patched in early February when it released Reader 8.1.2 and Acrobat 8.1.2. At the time, Adobe had only said it fixed "a number of ... security vulnerabilities" in the two programs; it did not specify how many flaws were fixed, what they were or how attackers might exploit them.

Reader is one of the world's most popular pieces of software, since it's both free and the default PDF viewer for many users.

The secrecy three months ago puzzled security researchers, who noted that Adobe was usually more forthcoming about vulnerabilities. Today, one researcher speculated about the mystery. "I think Adobe thought the severity of the vulnerabilities warranted some secrecy," said Andrew Storms, nCircle's director of security operations. "Six of the eight are in JavaScript. That's not a very difficult attack scenario. It's not as if you have to compile code. And it's going to work on any processor, and on almost any machine."

Even though Adobe disclosed some information about the bugs it fixed in February, the bulletin was still terse. It did not spell out possible attack vectors or even rate the bugs. "These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system," was about as far as the bulletin ventured.

Storms agreed that the three-month lag between patching the vulnerabilities and divulging some details was extreme, but noted that many of the flaws went back farther than February. "Some were apparently disclosed [to Adobe by researchers] in late 2007," he said. "There's one from November, and others from September and October."

»www.pcworld.com/businesscenter/a···hes.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/
*
A fun/friendly/informative forum for the mature elder crowd
»www.theover50goldengroup.net
]]> http://www.dslreports.com/forum/remark,20451716 Thu, 08 May 2008 13:28:59 EDT