dedicated server help
web hosting guides
dedicated server home dedicated server forums dedicated server reviews dedicated resources partners dedicated server resources contact dedicated servers

dedicated server guides
Getting Started
General Tutorials
cPanel Tutorials
Security Center
Name Servers
Server Monitoring
Server Backups
Hosting Interviews
Web Hosting News
Reviews
For Fun
Linux Tutorials
Hosting Articles
Web Hosting Tutorials
 
 
 
web hosting tutorials
About Us
RSS Feed
Disclaimer
Site Map

Security Hole in PDF Reader Could Expose Local Files

Last Updated: November 30, 1999

Adobe's PDF viewing software could expose sensitive information to remote attackers, and the company is urging users to either upgrade their software or turn off support for JavaScript in PDF files. The affected software includes Adobe Reader 7.0 and 7.0.1, and Adobe Acrobat 7.0 and 7.0.1 on both Windows and Mac.

"If an XML script is embedded in JavaScript, it is possible to discover the existence of local files, Adobe said in an advisory. "An attacker could then use the information gathered for malicious purposes. However the impact is minimized due to the fact that the existence of local files can only be discovered if the complete filenames and paths are known in advance by the attacker."

Adobe's PDF (Portable Document Format) is widely used to share documents via email attachments or web downloads. Adobe estimates that there are more than 20 million PDF files available on the Internet, and PDFs are commonly used in legal and medical documents, as well as for business contracts.

Windows users can upgrade to Adobe Reader 7.0.2 and Adobe Acrobat 7.0.2, which are available from the Adobe website. The company is preparing an update for Mac users. Until that update is available, Mac users can disable JavaScript in Acrobat by choosing Adobe > Preferences >JavaScript and deselecting "Enable Acrobat JavaScript."

cpanel tutorials
cPanel Resources
Dedicated Servers

    Credit: http://news.netcraft.com/