ID: 3428
Date: 13 October 2007 19:00
Title: 3428 - Adobe Security Bulletins
Abstract: A description of a number of Adobe product vulnerabilities
Vendors affected:Adobe
Applications affected:PageMaker, Illustrator and GoLive 9
Attack Vector: Vulnerability exploitation
Potential Damage: Privilege escalation
Availability of fix: Available
Type of fix: Patch
Source: Adobe
Reliability of source: Known
Source URL: http://www.adobe.com/support/security/index.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Adobe Security Bulletins:
- - Patch available for PageMaker buffer overflow vulnerability
- - Illustrator CS3 Update to Address Potential Security Vulnerabilities
- - GoLive 9 Update to Address Potential Security Vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
APSB07-15 - Patch available for PageMaker buffer overflow vulnerability
Originally posted: October 9, 2007
Summary:
A critical vulnerability has been identified in Adobe PageMaker 7.0.1 and PageMaker 7.0.2 that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. It is recommended that users update their installations using the instructions provided.
Severity Rating:
Adobe categorizes this update as critical http://direct.adobe.com/r?xJlJvPvElTTcEcHHqJccJ
Adobe recommends that users apply this update to their installations. Learn more:
http://www.adobe.com/support/security/bulletins/apsb07-15.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
APSB07-16 - Illustrator CS3 Update to Address Potential Security Vulnerabilities
Originally posted: October 9, 2007
Summary:
Critical vulnerabilities have been identified in Illustrator CS 3 that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious BMP, DIB, RLE, or PNG must be opened in Illustrator by the user for an attacker to exploit these potential vulnerabilities.
Severity Rating:
Adobe categorizes this update as critical http://direct.adobe.com/r?xJlJvPvElTTcEcHHqJccJ
Adobe recommends that users apply this update to their installations. Learn more:
http://www.adobe.com/support/security/bulletins/apsb07-16.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
APSB07-17 - GoLive 9 Update to Address Potential Security Vulnerabilities
Originally posted: October 9, 2007
Summary:
Critical vulnerabilities have been identified in GoLive 9 that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A user must be convinced to insert a malicious BMP, DIB, RLE, or into a GoLive document for an attacker to exploit these potential vulnerabilities.
Severity Rating:
Adobe categorizes this update as critical http://direct.adobe.com/r?xJlJvPvElTTcEcHHqJccJ
Adobe recommends that users update their installations.
Learn more:
http://www.adobe.com/support/security/bulletins/apsb07-17.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ANY INFORMATION, PATCHES, DOWNLOADS, WORKAROUNDS, OR FIXES PROVIDED BY ADOBE IN THIS BULLETIN ARE PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. ADOBE AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED OR OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO WARRANTY OF NON-INFRINGEMENT, TITLE, OR QUIET ENJOYMENT.
(USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. IN NO EVENT SHALL ADOBE, INC. OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, COVER, LOSS OF PROFITS, BUSINESS INTERRUPTION, OR THE LIKE, OR LOSS OF BUSINESS DAMAGES, BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADOBE, INC. OR ITS SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE EXCLUSION OR LIMITATION MAY NOT APPLY TO YOU AND YOU MAY ALSO HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE.
Adobe reserves the right, from time to time, to update the information in this document with current information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.
The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.
CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.