lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <008501c57329$35300500$0505a8c0@Slawek>
Date: Fri, 17 Jun 2005 12:42:05 +0200
From: "Slawek" <sgp@...satgp.com.pl>
To: <bugtraq@...urityfocus.com>
Subject: Re: Adobe Reader 7: XML External Entity (XXE) Attack


Hello!
In message to <bugtraq@...urityfocus.com> sent Thu, 16 Jun 2005 17:08:38 
+0200 you wrote:

 SHH> XML External Entity (XXE) Attack Possible in Adobe Reader 7
 SHH> -----------------------------------------------------------

 SHH>                                                     SHH #7, 2005-06-16

[...]

 SHH> Fixed versions
 SHH> --------------

 SHH> Adobe Reader version 7.0.2.
 SHH> For Adobe's own advisory, see the following URL:
 SHH>   http://www.adobe.com/support/techdocs/331710.html


It looks like Adobe Acrobat Reader 7 automatically downloads this update (if 
enabled to do so), but unfortunatelly there is probably a problem with an 
update itself.

My situation:
1) I've spotted a few PDF files which required Reader 7.
2) There were no Polish version of the Reader 7 available so I've installed 
English one.
3) An update was automatically detected by the Reader and it installed 
without problems.
4) I've noticed Polish version is available, so I've downloaded it.
5) I've uninstalled Reader 7 and the security update and installed Polish 
version.
6) An update doesn't install now (although Reader detects it needs it).

I've tried reinstalling English version and it doesn't want to install an 
update either.

So better don't uninstall the Reader after you've installed the update or 
you'll may end up being not protected.

------------------------------------------ 
Slawomir Piotrowski / Telsat GP
Rejestracja Czasu Pracy i Kontrola Dostepu
http://www.ewidencja-czasu-pracy.pl
------------------------------------------ 




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ