vulnerability found in Adobe PDF reader

I promise I will not become one of those annoying people who forwards
every known or assumed security risk announcement I come across, but...

....being that this comes from a reliable source, and it potentially
places 61% of all Windows users into a security risk, I thought I would
also pass this to our group.

PDF World Update
================================================== =======
1. Adobe Ships Silent Fix for Critical PDF Reader Flaw

Adobe patched a gaping code execution hole in Reader but,
inexplicably, has issued no public documentation on the risk
severity.

http://www.eweek.com/c/a/Security/Ad...ZPDFEMNL021208

Art

Arthur Entlich wrote:
I promise I will not become one of those annoying people who forwards
every known or assumed security risk announcement I come across, but...

...being that this comes from a reliable source, and it potentially
places 61% of all Windows users into a security risk, I thought I would
also pass this to our group.

PDF World Update
================================================== =======
1. Adobe Ships Silent Fix for Critical PDF Reader Flaw

Adobe patched a gaping code execution hole in Reader but,
inexplicably, has issued no public documentation on the risk
severity.

http://www.eweek.com/c/a/Security/Ad...ZPDFEMNL021208


Art
Hmmm. No mention of a comparable fix for the Linux version of Adobe
Reader 8. Must be it's not needed because the vulnerability is tied to
Internet Explorer, and there is no Linux version of IE - something for
which all Linux users should be profoundly grateful. Firefox is a much
better browser, anyway.

TJ

They don't mention if it is a vulnerability or not for Linux, just that
no patch was made for Adobe Reader. The fact that they offer patches
for current Windows OSs and the current version of Mac OS doesn't mean
that it isn't a Linux issue, just that they haven't offered a patch for
it (yet?). Or maybe they never made the updated version for Linux at
all and therefore didn't require to fix it?

They don't mention Windows 98 either, but that doesn't mean it isn't
vulnerable, maybe they just never produced an Adobe Reader with the flaw
for it.

Art


TJ wrote:
Arthur Entlich wrote:

I promise I will not become one of those annoying people who forwards
every known or assumed security risk announcement I come across, but...

...being that this comes from a reliable source, and it potentially
places 61% of all Windows users into a security risk, I thought I
would also pass this to our group.

PDF World Update
================================================== =======
1. Adobe Ships Silent Fix for Critical PDF Reader Flaw

Adobe patched a gaping code execution hole in Reader but,
inexplicably, has issued no public documentation on the risk
severity.

http://www.eweek.com/c/a/Security/Ad...ZPDFEMNL021208


Art

Hmmm. No mention of a comparable fix for the Linux version of Adobe
Reader 8. Must be it's not needed because the vulnerability is tied to
Internet Explorer, and there is no Linux version of IE - something for
which all Linux users should be profoundly grateful. Firefox is a much
better browser, anyway.

TJ

TJ wrote:
Arthur Entlich wrote:
I promise I will not become one of those annoying people who forwards
every known or assumed security risk announcement I come across, but...

...being that this comes from a reliable source, and it potentially
places 61% of all Windows users into a security risk, I thought I
would also pass this to our group.

PDF World Update
================================================== =======
1. Adobe Ships Silent Fix for Critical PDF Reader Flaw

Adobe patched a gaping code execution hole in Reader but,
inexplicably, has issued no public documentation on the risk
severity.

http://www.eweek.com/c/a/Security/Ad...ZPDFEMNL021208


Art
Hmmm. No mention of a comparable fix for the Linux version of Adobe
Reader 8. Must be it's not needed because the vulnerability is tied to
Internet Explorer, and there is no Linux version of IE - something for
which all Linux users should be profoundly grateful. Firefox is a much
better browser, anyway.

TJ

You have said many things in the past and when I told you that you were
incorrect you still debated. Now you say:
QUOTE
and there is no Linux version of IE
ENDQUOTE

I have run IE under Linux. I only use it as an emergency. I cannot
remember if it is running true native or under its own version of wine
line Picasa.

measekite wrote:


TJ wrote:

Hmmm. No mention of a comparable fix for the Linux version of Adobe
Reader 8. Must be it's not needed because the vulnerability is tied to
Internet Explorer, and there is no Linux version of IE - something for
which all Linux users should be profoundly grateful. Firefox is a much
better browser, anyway.

TJ

You have said many things in the past and when I told you that you were
incorrect you still debated. Now you say: QUOTE
and there is no Linux version of IE
ENDQUOTE

I have run IE under Linux. I only use it as an emergency. I cannot
remember if it is running true native or under its own version of wine
line Picasa.

And I'll debate now, too. What makes you think I'd ever decide I was
wrong just because you tell I am? Sigh. What arrogance!

If you ran IE under Linux, you were using wine, Crossover Office, or
Win4Lin. All are Windows emulators of one sort or another. There is no
version of IE written for Linux, period. At least, none that's ever been
released by Microsoft. Check with Microsoft, if you don't believe me.

I can't imagine what sort of "emergency" would cause you to run IE under
Linux. The only reason I can possibly think of is if you run into a
website that won't work with anything else - and there are a few, but
getting fewer all the time - and I wouldn't classify that as an "emergency."

TJ

Arthur Entlich wrote:
They don't mention if it is a vulnerability or not for Linux, just that
no patch was made for Adobe Reader. The fact that they offer patches
for current Windows OSs and the current version of Mac OS doesn't mean
that it isn't a Linux issue, just that they haven't offered a patch for
it (yet?). Or maybe they never made the updated version for Linux at
all and therefore didn't require to fix it?

They don't mention Windows 98 either, but that doesn't mean it isn't
vulnerable, maybe they just never produced an Adobe Reader with the flaw
for it.

Adobe Reader 6.x is the last that will work with Windows 98, and like
most other Windows 98 software, it's no longer supported. The way I read
the article, the root flaw is with IE. Adobe Reader just allows somebody
to take advantage of it.

TJ

In article osAsj.35400$FA.24846@pd7urf2no, Arthur Entlich wrote:
PDF World Update
================================================= ========
1. Adobe Ships Silent Fix for Critical PDF Reader Flaw

Adobe patched a gaping code execution hole in Reader but,
inexplicably, has issued no public documentation on the risk
severity.

This is not surprising. Whenever you have 22MB of bloatware there's bound to
be a few problems. I've been using Foxit reader which is 1/10 the size, loads
more than 10 times as fast, and doesn't come with any bundled security holes.
I ditched the Adobe stuff a long time ago and haven't looked back since.

"Arthur Entlich" wrote in message
newssAsj.35400$FA.24846@pd7urf2no...
I promise I will not become one of those annoying people who forwards every
known or assumed security risk announcement I come across, but...

...being that this comes from a reliable source, and it potentially places
61% of all Windows users into a security risk, I thought I would also pass
this to our group.

PDF World Update
================================================== =======
1. Adobe Ships Silent Fix for Critical PDF Reader Flaw

Adobe patched a gaping code execution hole in Reader but,
inexplicably, has issued no public documentation on the risk
severity.

http://www.eweek.com/c/a/Security/Ad...ZPDFEMNL021208

Art

Art - immediately after I read this post Adobe auto-updated my Adobe Reader
program.

They've been watching me ;-0

Art

Burt wrote:

"Arthur Entlich" wrote in message
newssAsj.35400$FA.24846@pd7urf2no...

I promise I will not become one of those annoying people who forwards every
known or assumed security risk announcement I come across, but...

...being that this comes from a reliable source, and it potentially places
61% of all Windows users into a security risk, I thought I would also pass
this to our group.

PDF World Update
================================================ =========
1. Adobe Ships Silent Fix for Critical PDF Reader Flaw

Adobe patched a gaping code execution hole in Reader but,
inexplicably, has issued no public documentation on the risk
severity.

http://www.eweek.com/c/a/Security/Ad...ZPDFEMNL021208

Art


Art - immediately after I read this post Adobe auto-updated my Adobe Reader
program.

TJ wrote: measekite wrote:


TJ wrote:

Hmmm. No mention of a comparable fix for the Linux version of Adobe Reader 8. Must be it's not needed because the vulnerability is tied to Internet Explorer, and there is no Linux version of IE - something for which all Linux users should be profoundly grateful. Firefox is a much better browser, anyway.

TJ

You have said many things in the past and when I told you that you were incorrect you still debated.  Now you say: QUOTE
and there is no Linux version of IE
ENDQUOTE

I have run IE under Linux.  I only use it as an emergency.  I cannot remember if it is running true native or under its own version of wine line Picasa.

And I'll debate now, too. What makes you think I'd ever decide I was wrong just because you tell I am? Sigh. What arrogance!

If you ran IE under Linux, you were using wine, Crossover Office, or Win4Lin. All are Windows emulators of one sort or another. There is no version of IE written for Linux, period. At least, none that's ever been released by Microsoft. Check with Microsoft, if you don't believe me.

I can't imagine what sort of "emergency" would cause you to run IE under Linux. A website I needed was using certain code that did not run properly with Firefox.  Now that has been changed but for a short time I had to us IE for Linux.  And I did tell you it ran may have run under wine.
The only reason I can possibly think of is if you run into a website that won't work with anything else - and there are a few, but getting fewer all the time - and I wouldn't classify that as an "emergency."
If you needed it is can be classed as an emergency.  The other choice was to boot Windows.  This ran seamlessly.

TJ