Hello listers and support,
    This is not exactly on the Legacy subject but it concerns
everyone who uses Adobe. I get updates from Panda Software
(security) and received this today. Since a lot of you have made
comments about Adobe I thought you might want to read it. Then
you could take precautions or download the update from Adobe that
is listed in the notice.

 - Adobe ActiveX allows file discovery -
Oxygen3 24h-365d, by Panda Software
(http://www.pandasoftware.com)

Madrid, April 27 2005 - A vulnerability has been reported within
the Adobe Reader and Acrobat web control.  This vulnerability
means that, under certain circumstances, the Internet Explorer
ActiveX control can make it possible to discover the existence of
local files by monitoring the behavior of certain methods.

Adobe Reader contains a Safe for Scripting method with the
definition of "VARIANT_BOOL LoadFile([in] BSTR FileName)". A
malicious user could take advantage of this if they get their
victim to access the website controlled by the attacker.  On the
website, the attacker can call the LoadFile method, passing in a
local file name on their victim's computer.  In this way the
attacker would be able to determine whether a certain file was
present on the victim's system.

Although it is not possible to get the contents of the file, this
method can be useful to attackers to know the path or presence of
certain files.  Although this does not allow attackers to take
complete control of the system, it can be used as part of more
complex attacks.

Adobe has reported this situation at
http://www.adobe.com/support/techdocs/331465.html and recommended
updating to version 7.0.1 of the product.

NOTE: The address above may not show up on your screen as a
single line. This would prevent you from using the link to access
the web page. If this happens, just use the 'cut' and 'paste'
options to join the pieces of the URL.

------------------------------------------------------------ 

The 5 viruses most frequently detected by Panda ActiveScan, Panda
Software's free online scanner:
1)Netsky.P; 2)Mhtredir.gen; 3)Agent.PF; 4)Qhost.AF;
5)Downloader.CGD.


Myrna Jorgensen
San Luis Soyatlan, Jalisco, Mexico
myrna20 [at] prodigy dot net dot mx
