The US Computer Emergency Response Team has warned of
security flaws in both Adobe imaging software and Google search
appliances.
Cert said it was aware of a report of multiple vulnerabilities
that affect the ActiveX control for Adobe Reader and Acrobat.
Cert said the problem relates to the Adobe Acrobat AcroPDF
ActiveX control failing to properly handle malformed input.
At the moment, said Cert, there is no patch to protect users
from the problem. Therefore, users can only mitigate the risk by
disabling ActiveX controls in their web browsers.
Adobe has also now issued a workaround to the problem on its
website.
Cert also reported that Google Search Appliances and Mini
Devices are vulnerable to cross-site scripting attacks.
The flaw exists in the way that Google Search Appliance and
Google Mini devices handle UTF-7 (Unicode Transformation Format)
encoded URIs (Uniform Resource Identifier).
Again, no patch is available for the problem at the moment, so
Cert recommended that users disable active scripting in their
browsers as a workaround.
Comment on this article:
computer.weekly@rbi.co.uk