Apr 7, 2005

Bug: Acrobat & Reader 7.0 and earlier


Adobe Acrobat 7.0 and earlier, and the Adobe Reader 7.0 and earlier have a bug in the way they interact with an Internet Explorer ActiveX control. If this control is invoked directly by a webpage, an attacker may be able to learn whether certain local files exist. This will only happen on a computer that is running Microsoft Internet Explorer. According to Adobe, the file contents are not exposed. This has been fixed in the Adobe Acrobat and Acrobat Reader 7.0.1 update.

Comments are closed.