Last Updated: 2007-10-22 20:58:04 UTC
by donald smith (Version: 1)
Thanks to Roseman for bringing this to our attention.
"Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat
Release date: October 22, 2007
Vulnerability identifier: APSB07-18
CVE number: CVE-2007-5020
Platform: Windows XP (Vista users are not affected) with Internet Explorer 7 installed
Affected software versions: Adobe Reader 8.1 and earlier, Adobe Reader 7.0.9 and earlier
Adobe Acrobat Professional, 3D and Standard 8.1 and earlier versions, Adobe Acrobat Professional, Standard, 3D and Elements 7.0.9 and earlier"
The acrobat patch is available here http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
The reader patch is available here http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
Fellow handler Swa covered this vulnerability and a workaround for it in this diary http://isc.sans.org/diary.html?storyid=3477