New
#1
Thanks Aaron.
source: AdobeSecurity Updates available for Adobe Reader 9 and Acrobat 9
Release date: March 10, 2009
Vulnerability identifier: APSB09-03
CVE number: CVE-2009-0658
Platform: All Platforms
Summary
A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.
Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1. Adobe is planning to make available updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18. In addition, Adobe plans to make available Adobe Reader 9.1 for Unix by March 25.
I'd installed 9.0 by extracting the setup files from the installation package using Extracting the Adobe Reader 9 MSI installer for enterprise deployment
9.1 installed straight over the top without a manual extraction required.
Must have been tested with a Windows 7 build
Interestingly I had v9.0 installed and clicked on Updates. It only offered a language pack. I then uninstalled and reinstalled 9.1 from the website.
It's about time Adobe addressed this vulnerability. At first they said they were going to wait until April or May to provide a fix. But there was a lot of publicity about it. Thanks for the news!
Did anyone else have a problem with the UAC (on Vista) when they first installed Adobe? Every time I opened a web page, the UAC popped up, asking for confirmation to run the "getPlus" Adobe program. I closed my browser (FF) and reopened and everything seems to be normal again, but I felt like I should put this out there.
thanx aaron gonna check for more vunerabilities