Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security US-CERT-Alerts
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

US-CERT Cyber Security Alert SA07-297B -- Adobe Updates for Microsoft Wi

from [US-CERT Alerts] Network Security [Permanent Link]
Subject: US-CERT Cyber Security Alert SA07-297B -- Adobe Updates for Microsoft Windows Vulnerability
Date: Wed, 24 Oct 2007 18:19:58 -0400 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

           National Cyber Alert System
         Cyber Security Alert SA07-297B


Adobe Updates for Microsoft Windows Vulnerability

   Original release date: October 24, 2007
   Last revised: --
   Source: US-CERT

Systems Affected

   Microsoft Windows XP and Windows Server 2003 systems with Internet
   Explorer 7 and any of the following Adobe products:
     * Adobe Reader 8.1 and earlier
     * Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier
     * Adobe Reader 7.0.9 and earlier
     * Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and
       earlier

Overview

   Microsoft Windows XP and Server 2003 systems with Internet Explorer 7
   contain a vulnerability that could allow an attacker to take control
   of your computer by convincing you to open a malicious PDF document.
   Public reports indicate that this vulnerability is being actively
   exploited.

Solution

Apply an update

   Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to
   address this issue. Please see Adobe Security Bulletin APSB07-18 for
   details.

Description

   Microsoft Windows XP and Server 2003 systems with Internet Explorer 7
   installed contain a vulnerability in the way Windows determines the
   appropriate program to handle data specified in a Uniform Resource
   Identifier (URI). An attacker can exploit this vulnerability by
   convincing you to open a specially crafted PDF document. The attacker
   could gain access your computer, install and run malicious software on
   your computer, or cause it to crash.

   More technical information is available in US-CERT Technical Cyber
   Security Alert TA07-297A and Vulnerability Note VU#403150.

References

   * Adobe Security Bulletin APSB07-18 -
     <http://www.adobe.com/support/security/bulletins/apsb07-18.htm>
   
   * Microsoft Security Advisory (943521) -
     <http://www.microsoft.com/technet/security/advisory/943521.mspx>
     
   * US-CERT Vulnerability Note VU#403150 -
     <http://www.kb.cert.org/vuls/id/403150>
     
   * US-CERT Technical Alert TA07-297B -
     <http://www.us-cert.gov/cas/techalerts/TA07-297B.html>

 _________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/alerts/SA07-297B.html>
 _________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "SA07-297B Feedback VU#403150" in the
   subject.
 _________________________________________________________________
    
   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 _________________________________________________________________

   Produced 2007 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 _________________________________________________________________

Revision History

   October 24, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRx/EX/RFkHkM87XOAQKFVgf/WqSe7r3gseKvxUCUFTvJhMxr+QAB23mp
Bhz7/J65ZMUxKr5YBjMM1vELRZs0rCJyjY6Y4f4+Ig9d5tI7JQnGI6b/5zmJRAst
A4waHADS//AnwXwnZOTvs/eKDfyfKrMakwmUWAaSxqkk6O6yqKdp4toSq2KK3qMz
PsN4FFxNWZFMijONzpeoRo34aSg+ZUwAMbHDhs2A9My0g0I9aCfkQQT9X0S7qDIA
V3t4sCTNK3/uWIBO5P/YEM6TJeWLgcYxsCtbUxaETKxRme3m72gQPEQL6EwPG+nv
y10fLt104XewAPl5V32GWdvop9czbQI9mJeCYaeZPTBLi1RITYWFtQ==
=Mjf+
-----END PGP SIGNATURE-----
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • US-CERT Cyber Security Alert SA07-297B -- Adobe Updates for Microsoft Windows Vulnerability, US-CERT Alerts <=
Previous by Date:  US-CERT Cyber Security Alert SA07-297A -- RealNetworks RealPlayer ActiveX Playlist Vulnerability, US-CERT Alerts
Next by Date:  US-CERT Cyber Security Alert SA07-303A -- Federal Trade Commission Reports Spoofed Email, US-CERT Alerts
Previous by Thread:  US-CERT Cyber Security Alert SA07-297A -- RealNetworks RealPlayer ActiveX Playlist Vulnerability, US-CERT Alerts
Next by Thread:  US-CERT Cyber Security Alert SA07-303A -- Federal Trade Commission Reports Spoofed Email, US-CERT Alerts
Indexes:  [Date] [Thread] [Top] [All Lists]