1/4/2007 Adobe 7 Vulnerability

(imported topic written by Veneficus)

Is there a fixlet in progress for the 1/4/2007 Adobe 7 vulnerability? What is the ETA?

(imported comment written by SystemAdmin)

Hi Veneficus,

Could you post a link to the resource you are referring to? I don’t want to mistake our coverage.

The Adobe updates and security patches are covered in the Updates for Windows Applications site. Are you subscribed to this?

I see a Fixlet called “Update Available for Potential vulnerabilities in Adobe Acrobat 7” but the source release date is 12/5/2006. Here is the KB article on it:


(imported comment written by BenKus)

Hi Veneficus,

Our “Updates for Windows Applications” site handles Adobe upgrades. Currently, the only known solution is to upgrade to Adobe 8 (which is supported by our Fixlet site, but you need to be properly licensed by Adobe for the upgrade).

Here is more info we found from Adobe:

Adobe Reader users should upgrade to Reader 8: www.adobe.com/go/getreader.

For users who cannot upgrade to Reader 8, the Secure Software Engineering team is working with the Adobe Reader Engineering team on a 7.0.9 update to versions 7.0.8 and earlier of Adobe Reader and Acrobat that will resolve this issue, which is expected to be available in the next week. A security bulletin will be published on http://www.adobe.com/support/security as soon as that update is available. In the meantime, Acrobat and Reader customers who cannot upgrade can use their browser preferences to disable the Acrobat and Reader plugins from opening within the browser.

All documented security vulnerabilities and their solutions are distributed through the Adobe security notification service. You can sign up for the service at the following URL: http://www.adobe.com/cfusion/entitlement/index.cfm?e=szalert.

We will have the new patch available when it is released… but you must have the “Updates for Windows Application” site to get the Fixlets for this.