Re: Adobe Reader 7: XML External Entity (XXE) Attack
Hello!
In message to <bugtraq@xxxxxxxxxxxxxxxxx> sent Thu, 16 Jun 2005 17:08:38
+0200 you wrote:
SHH> XML External Entity (XXE) Attack Possible in Adobe Reader 7
SHH> -----------------------------------------------------------
SHH> SHH #7, 2005-06-16
[...]
SHH> Fixed versions
SHH> --------------
SHH> Adobe Reader version 7.0.2.
SHH> For Adobe's own advisory, see the following URL:
SHH> http://www.adobe.com/support/techdocs/331710.html
It looks like Adobe Acrobat Reader 7 automatically downloads this update (if
enabled to do so), but unfortunatelly there is probably a problem with an
update itself.
My situation:
1) I've spotted a few PDF files which required Reader 7.
2) There were no Polish version of the Reader 7 available so I've installed
English one.
3) An update was automatically detected by the Reader and it installed
without problems.
4) I've noticed Polish version is available, so I've downloaded it.
5) I've uninstalled Reader 7 and the security update and installed Polish
version.
6) An update doesn't install now (although Reader detects it needs it).
I've tried reinstalling English version and it doesn't want to install an
update either.
So better don't uninstall the Reader after you've installed the update or
you'll may end up being not protected.
------------------------------------------
Slawomir Piotrowski / Telsat GP
Rejestracja Czasu Pracy i Kontrola Dostepu
http://www.ewidencja-czasu-pracy.pl
------------------------------------------