Adobe released security bulletin APSA08-01 on February 7, 2008 for Adobe Reader/Acrobat < v8.1.2. The update to v8.1.2 included several fixes, including some which could be exploited.
Based on the article if you have a version of 7.0.9 and earlier, Adobe does not currently have a patch.
For 8.x, the recommendation for Adobe Reader is to upgrade to v8.1.2. There’s a fixlet for that in the “Updates for Windows Applications” site.
For Adobe Acrobat Standard and Professional, you need incrementally patch to v8.1.2. Currently there’s 3 fixlets for this in the “Updates for Windows Applications” site.
Adobe Acrobat 8.1 Available - Adobe Acrobat 8.0
Adobe Acrobat 8.1.1 Available - Adobe Acrobat 8.1.0
Adobe Acrobat 8.1.2 Available - Adobe Acrobat 8.1.1
The 8.1.1 patch from 8.1.0 is marked as critical. The other two are set as “”. Shouldn’t all 3 be marked as a critical update?
This is always tricky for us because our “Source Severity” column is supposed to reflect the vendor’s classification of the patch. We don’t normally re-classify the patch on the vendor’s behalf so if Adobe releases 2 patches and then a “critical” patch like you mentioned, we simply reflect each patch’s severity as specified by Adobe.
Indeed, Adobe’s information page for the 8.1.2 update (http://www.adobe.com/support/downloads/detail.jsp?ftpID=3849) does not explicate any Source Severity information, hence our having labeled the fixlet’s Source Severity as . You’re correct in that the bulletin APSA08-01 which is covered by the 8.1.2 update
is
explicated as Critical. Thus we’ve updated the Source Severity for our “Adobe Acrobat 8.1.2 Available - Adobe Acrobat 8.1.1” fixlet so that it is labeled as Critical.
Thanks for pointing this out, and tell us if the update doesn’t show up for you.