BugTraq
Adobe Reader 7: XML External Entity (XXE) Attack Jun 16 2005 03:08PM
Sverre H. Huseby (shh thathost com) (1 replies)
Re: Adobe Reader 7: XML External Entity (XXE) Attack Jun 17 2005 10:42AM
Slawek (sgp telsatgp com pl)
Hello!
In message to <bugtraq (at) securityfocus (dot) com [email concealed]> sent Thu, 16 Jun 2005 17:08:38
+0200 you wrote:

SHH> XML External Entity (XXE) Attack Possible in Adobe Reader 7
SHH> -----------------------------------------------------------

SHH> SHH #7, 2005-06-16

[...]

SHH> Fixed versions
SHH> --------------

SHH> Adobe Reader version 7.0.2.
SHH> For Adobe's own advisory, see the following URL:
SHH> http://www.adobe.com/support/techdocs/331710.html

It looks like Adobe Acrobat Reader 7 automatically downloads this update (if
enabled to do so), but unfortunatelly there is probably a problem with an
update itself.

My situation:
1) I've spotted a few PDF files which required Reader 7.
2) There were no Polish version of the Reader 7 available so I've installed
English one.
3) An update was automatically detected by the Reader and it installed
without problems.
4) I've noticed Polish version is available, so I've downloaded it.
5) I've uninstalled Reader 7 and the security update and installed Polish
version.
6) An update doesn't install now (although Reader detects it needs it).

I've tried reinstalling English version and it doesn't want to install an
update either.

So better don't uninstall the Reader after you've installed the update or
you'll may end up being not protected.

------------------------------------------
Slawomir Piotrowski / Telsat GP
Rejestracja Czasu Pracy i Kontrola Dostepu
http://www.ewidencja-czasu-pracy.pl
------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus