The Adobe Reader 7.0.9 Update will install Adobe Reader 7.0.9 and provides several important security fixes. Adobe recommends that all users install this update or upgrade to Adobe Reader 8.

APSB07-01 Security Bulletin

This Security Bulletin addresses several vulnerabilities, including issues that have already been disclosed. It is recommended that users update to the most current version of Adobe Reader or Acrobat available.

An update is available for a cross-site scripting (XSS) vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat that could allow remote attackers to inject arbitrary JavaScript into a browser session. This vulnerability, previously reported in APSA07-01 on January 4, 2007, has been assigned an important severity rating. This issue is specific to Windows and Linux operating systems. Exploitability depends on the browser and browser version being used. This vulnerability does not allow execution of binary code. This issue is remotely exploitable. Adobe has provided workarounds for website operators to prevent the cross-site scripting vulnerability from the server side. (CVE-2007-0045)

Additional vulnerabilities have been identified in versions 7.0.8 and earlier of Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. These vulnerabilities have been assigned a critical severity rating. A malicious file must be loaded in Adobe Reader by the end user for an attacker to exploit these vulnerabilities. These issues are remotely exploitable. (CVE-2006-5857, CVE-2007-0046)

These updates include changes to prevent a denial of service issue in Adobe Reader or Acrobat. (CVE-2007-0048)

Program Information Category: Tools and Utilities Type: Free Version: 7.0.9 Size: / Works on: Windows Product page: here