**Information purposes only - DO NOT REPLY!! Subject: [SA12809] Adobe Acrobat / Adobe Reader Disclosure of Sensitive Information TITLE: Adobe Acrobat / Adobe Reader Disclosure of Sensitive Information SECUNIA ADVISORY ID: SA12809 VERIFY ADVISORY: http://secunia.com/advisories/12809/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: >From remote SOFTWARE: Adobe Reader 6.x http://secunia.com/product/1810/ Adobe Acrobat 6.x http://secunia.com/product/1809/ DESCRIPTION: A vulnerability in Adobe Acrobat and Adobe Reader, which can be exploited by malicious people to disclose sensitive information. The problem is that embedded Macromedia flash files are executed in a local context. This can be exploited to read local files by embedding a specially crafted flash file in a PDF file located on e.g. a malicious web site. The vulnerability has been confirmed on Adobe Reader 6.01 and 6.02 for Windows. SOLUTION: Disable Javascript in Adobe Acrobat and Adobe Reader. -- Doug Keller Wis-Kel Electronics 101 Freeland Ave. Terra Alta, WV USA 26764 dek@xxxxxxxxxxxxxx dek@xxxxxxxxxxxxxxx http://www.tech-assist.org "Learn from the mistakes of others, because you won't live long enough to make them all yourself" ----------------------------------------------------------------------------- Lost Password: http://www.tech-assist.org and select "Login Problems?". Email Archives: //www.freelists.org/archives/techassist/