Re: Adobe Reader 7: XML External Entity (XXE) Attack

["Slawek" <sgp () telsatgp com pl>]

Hello!
In message to <bugtraq () securityfocus com> sent Thu, 16 Jun 2005 17:08:38 
+0200 you wrote:

SHH> XML External Entity (XXE) Attack Possible in Adobe Reader 7
SHH> -----------------------------------------------------------

SHH>                                                     SHH #7, 2005-06-16

[...]

SHH> Fixed versions
SHH> --------------

SHH> Adobe Reader version 7.0.2.
SHH> For Adobe's own advisory, see the following URL:
SHH>   http://www.adobe.com/support/techdocs/331710.html


It looks like Adobe Acrobat Reader 7 automatically downloads this update (if 
enabled to do so), but unfortunatelly there is probably a problem with an 
update itself.

My situation:
1) I've spotted a few PDF files which required Reader 7.
2) There were no Polish version of the Reader 7 available so I've installed 
English one.
3) An update was automatically detected by the Reader and it installed 
without problems.
4) I've noticed Polish version is available, so I've downloaded it.
5) I've uninstalled Reader 7 and the security update and installed Polish 
version.
6) An update doesn't install now (although Reader detects it needs it).

I've tried reinstalling English version and it doesn't want to install an 
update either.

So better don't uninstall the Reader after you've installed the update or 
you'll may end up being not protected.

------------------------------------------ 
Slawomir Piotrowski / Telsat GP
Rejestracja Czasu Pracy i Kontrola Dostepu
http://www.ewidencja-czasu-pracy.pl
------------------------------------------