Adobe Systems on Wednesday rolled out patches for security vulnerabilities found in Adobe Reader 7.0 and 7.0.1, and in Adobe Acrobat 7.0 and 7.0.1.
The hole in the products, referred to as an XML External Entity vulnerability, under certain circumstances allows XML scripts to be used to discover a user's local files.
According to Adobe officials, the vulnerability is within the Adobe Reader control. If an XML script is embedded in JavaScript, it is possible to discover the existence of local files, according to a security advisory from the company. An attacker could then maliciously use the gathered information. But the statement pointed out that the local files can be found only if the attacker knows the complete file names and paths in advance of such an attack.
The vulnerability impacts Acrobat and Reader running on Windows and Mac platforms.
Adobe recommends that Reader and Acrobat for Windows customers download the updates provided on the Adobe Web site at adobe.com/support/downloads. The company said it will release an update for the Mac OS versions shortly. Until the Mac patch is available, Adobe advises end-users to disable any Acrobat JavaScript. This should protect systems from the vulnerability.
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Applications Resource Alerts
2 Recommendations
