Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Adobe, Cisco Stung By Bugs

Adobe Systems and Cisco Systems were a bit under the weather last week. Perhaps they caught a bug.

For Adobe, six vulnerabilities affecting its popular Reader and Acrobat products were discovered in the past two weeks, one of which could be used in cross-site scripting attacks.

Attackers could exploit one group of vulnerabilities by creating rigged PDF files and getting unsuspecting users to open them. These flaws are more dangerous because remote attackers could use them to execute malicious code and take over affected machines, Adobe said in an advisory last week. The advisory noted that a malicious file would have to be loaded in Adobe Reader.

Adobe, San Jose, Calif., assigned its highest threat rating of "critical"—4 on a 4-point scale—to the vulnerabilities. Symantec Deepsight rated the severity of the flaws as 8.3 on a 10-point scale, while Secunia said they were "highly critical"—or 4 on a 5-point scale.

Craig Schugmar, a threat researcher with McAfee's Avert Labs, says the spate of Adobe vulnerabilities is part of an ongoing shift by hackers away from operating
system-focused bugs and toward application flaws.

  • 1