2 Replies Latest reply on Feb 21, 2008 10:30 AM by (Levi_Tonet)

    Question on Security Vulnerability with All Reader Versions Prior to 8.1.2

      Hello,

      I work for a company affiliated with Penn State University, and recently we received an email from the main campus about a fairly large security vulnerability with all versions of Adobe Reader prior to 8.1.2, and we were asked to update all users with Adobe Reader version 8.1.2. Refer to the following links for more information on the vulnerability issue:

      Post from the university:
      http://its.psu.edu/news/story-979
      First Related Article:
      http://isc.sans.org/diary.html?date=2008-02-09
      Second Related Article:
      http://www.symantec.com/enterprise/security_response/weblog/2008/02/pidief_a_byword_for_0d ay_explo.html

      Updating Reader is not a problem, as it is free. My question deals with the status of Adobe Acrobat Professional. Is anyone aware of this issue and whether it affects Adobe Acrobat Pro installations prior to 8.1.2? We have numerous employees using versions 6 and 7 of Adobe Acrobat Pro. While it's understandable that we will probably have to update the version 6 users because of lack of support for that version, version 7 users should not be forced to update because that product is still being supported, supposedly.

      Will users of Adobe Pro 6/7/8 simply need to patch their installations with the latest patches, or will all users need to upgrade to version 8 of the software? I have been searching for answers all morning, but the articles on this top are not very clear on whether this vulnerability only affects Reader or if it also affects Acrobat Pro.

      --Levi