Adobe Acrobat and Reader Security Update Planned this Week

Published: 2013-02-17. Last Updated: 2013-02-20 15:43:33 UTC
by Guy Bruneau (Version: 1)
7 comment(s)

Last week Adobe's PSIRT Team published an advisory on vulnerabilities affecting Adobe Reader and Acrobat. Yesterday they published an update that they plan to release a patch to resolve CVE-2013-0640 and CVE-2013-0641 this week.

[1] https://isc.sans.edu/diary/More+adobe+reader+and+acrobat+%28PDF%29+trouble/15151
[2] http://www.adobe.com/support/security/advisories/apsa13-02.html
[3] http://blogs.adobe.com/psirt/2013/02/schedule-update-to-security-advisory-for-adobe-reader-and-acrobat-apsa13-02.html

(fixed typo in response to carpenter jokes below ;-) )

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Acrobat Adobe Reader Exploit PDF
7 comment(s)

HP ArcSight Connector Appliance and Logger Vulnerabilities

Published: 2013-02-17. Last Updated: 2013-02-17 00:22:32 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

If you are using HP ArcSight Connector Appliance (v6.3 and earlier) and Logger (v5.2 and earlier), some potential security vulnerabilities have been identified which could be remotely exploited to allow information disclosure, command injection and cross-site scripting (XSS).

HP recommend to contact support to request the current updates for ArcSight Connector Appliance (v6.4) and ArcSight Logger (v5.3) to resolve these issues. Additional information available here.

[1] http://h20565.www2.http.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700-1&ac.admitted=1361054958795.876444892.492883150

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: ArcSight Command Injection Connector Information Disclosure Logger XSS
0 comment(s)

Comments

Login here to join the discussion.


Diary Archives