Accessibility

Security bulletins and advisories

This page contains important information regarding security vulnerabilities that may affect specific versions of Adobe products and solutions. Please use this information to take the corrective actions prescribed. In our effort to serve you better, you may also sign up for e-mail notification of any future advisories.

Click here to report a security issue associated with an Adobe product.

Bulletins and advisories for this month

Brief Originally Posted Last Updated
APSA08-11 Content Protection in Flash Media Server Server 3.0 11/17/2008 11/17/2008
APSB08-23 AIR update available to address security vulnerabilities 11/17/2008 11/17/2008
APSB08-22 Additional disclosure of security vulnerabilities fixed in Flash Player 10.0.12.36 and Flash Player 9.0.151.0 11/17/2008 11/17/2008
APSB08-21 Update available for potential ColdFusion 8 privilege escalation issue 11/05/2008 11/05/2008
APSB08-20 Flash Player update available to address security vulnerabilities 11/05/2008 11/05/2008
APSB08-19 Security Update available for Adobe Reader 8 and Acrobat 8 11/04/2008 11/04/2008

Bulletins and advisories by product

View security bulletins for a specific product:

Adobe Reader (Windows)

Version 8.x
Brief Originally Posted Last Updated
APSB08-19 Security Update available for Adobe Reader 8 and Acrobat 8 11/04/2008 11/04/2008
APSB08-15 Security Update available for Adobe Reader and Acrobat 8.1.2 06/23/2008 07/17/2008
APSB08-13 Security Update available for Adobe Reader and Acrobat 7 and 8 05/06/2008 05/06/2008
APSA08-02 Privilege escalation issue in Adobe Reader 8.1.2 for Unix 03/11/2008 07/17/2008
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSB07-18 Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/22/2007 10/22/2007
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007

Version 7.x
Brief Originally Posted Last Updated
APSB08-15 Security Update available for Adobe Reader and Acrobat 8.1.2 06/23/2008 06/23/2008
APSB08-13 Security Update available for Adobe Reader and Acrobat 7 and 8 05/06/2008 05/06/2008
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSB07-18 Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/22/2007 10/22/2007
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSA07-02 Server-side workarounds to prevent potential cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSA07-01 Cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/04/2007 01/04/2007
APSA06-02 Potential vulnerabilities in Adobe Reader and Acrobat 11/28/2006 11/28/2006
Adobe Acrobat and Adobe Reader Plug-in Buffer Overflow 08/16/2005 08/16/2005
XML External Entity vulnerability in Adobe Reader/Acrobat 06/15/2005 06/15/2005
Adobe Reader/Acrobat invalid root page node Count 04/01/2005 04/01/2005
Local file discovery in Adobe Reader/Acrobat through Internet Explorer 04/01/2005 04/01/2005

Version 6.x
Brief Originally Posted Last Updated
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSB07-18 Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/22/2007 10/22/2007
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSA07-02 Server-side workarounds to prevent potential cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSA07-01 Cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/04/2007 01/04/2007
Adobe Acrobat and Adobe Reader Plug-in Buffer Overflow 08/16/2005 08/16/2005
Prevent malicious media (Flash) playback 12/13/2004 12/13/2004
PNG library 1.2.5 vulnerability 12/13/2004 12/13/2004
eBook plug-in vulnerability with *.etd files 12/13/2004 12/13/2004
ActiveX control buffer overflow 09/08/2004 09/08/2004
Filename Handler Buffer Overflow 09/08/2004 09/08/2004

Back to top

Version 5.x
Brief Originally Posted Last Updated
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSB07-18 Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/22/2007 10/22/2007
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSA07-02 Server-side workarounds to prevent potential cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSA07-01 Cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/04/2007 01/04/2007
Adobe Acrobat and Adobe Reader Plug-in Buffer Overflow 08/16/2005 08/16/2005
Arbitrary code execution from a malicious PDF document 06/07/2004 06/07/2004

Version 4.x
Brief Originally Posted Last Updated
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSB07-18 Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/22/2007 10/22/2007
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSA07-02 Server-side workarounds to prevent potential cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSA07-01 Cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/04/2007 01/04/2007
Security vulnerabilities due to buffer overrun attacks 07/25/2000 07/25/2000

Back to top

Adobe Reader (Macintosh)

Version 8.x
Brief Originally Posted Last Updated
APSB08-19 Security Update available for Adobe Reader 8 and Acrobat 8 11/04/2008 11/04/2008
APSB08-15 Security Update available for Adobe Reader and Acrobat 8.1.2 06/23/2008 06/23/2008
APSB08-13 Security Update available for Adobe Reader and Acrobat 7 and 8 05/06/2008 05/06/2008
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007

Version 7.x
Brief Originally Posted Last Updated
APSB08-15 Security Update available for Adobe Reader and Acrobat 8.1.2 06/23/2008 06/23/2008
APSB08-13 Security Update available for Adobe Reader and Acrobat 7 and 8 05/06/2008 05/06/2008
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSA07-02 Server-side workarounds to prevent potential cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
Adobe Acrobat and Adobe Reader Plug-in Buffer Overflow 08/16/2005 08/16/2005
Arbitrary application execution from a malicious PDF document 06/27/2005 06/27/2005
Acrobat/Reader Updater changes Safari Frameworks folder permissions 06/27/2005 06/27/2005
XML External Entity vulnerability in Adobe Reader/Acrobat 06/15/2005 06/15/2005

Version 6.x
Brief Originally Posted Last Updated
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSA07-02 Server-side workarounds to prevent potential cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
File Permissions Vulnerability in Adobe Reader and Adobe Acrobat (Mac OS) 07/11/2006 07/11/2006
Adobe Acrobat and Adobe Reader Plug-in Buffer Overflow 08/16/2005 08/16/2005
Prevent malicious media (Flash) playback 12/13/2004 12/13/2004
PNG library 1.2.5 vulnerability 12/13/2004 12/13/2004
eBook plug-in vulnerability with *.etd files 12/13/2004 12/13/2004

Version 5.x
Brief Originally Posted Last Updated
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSA07-02 Server-side workarounds to prevent potential cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
Adobe Acrobat and Adobe Reader Plug-in Buffer Overflow 08/16/2005 08/16/2005

Back to top

Adobe Reader (Unix)

Version 8.x
Brief Originally Posted Last Updated
APSB08-19 Security Update available for Adobe Reader 8 and Acrobat 8 11/04/2008 11/04/2008
APSB08-15 Security Update available for Adobe Reader and Acrobat 8.1.2 06/23/2008 06/23/2008
APSB08-13 Security Update available for Adobe Reader and Acrobat 7 and 8 05/06/2008 05/06/2008
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007

Version 7.x
Brief Originally Posted Last Updated
APSB08-15 Security Update available for Adobe Reader and Acrobat 8.1.2 06/23/2008 06/23/2008
APSB08-13 Security Update available for Adobe Reader and Acrobat 7 and 8 05/06/2008 05/06/2008
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSA07-02 Server-side workarounds to prevent potential cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSA07-01 Cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/04/2007 01/04/2007
Adobe Acrobat and Adobe Reader Plug-in Buffer Overflow 08/16/2005 08/16/2005

Version 5.x
Brief Originally Posted Last Updated
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSA07-02 Server-side workarounds to prevent potential cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSA07-01 Cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/04/2007 01/04/2007
Adobe Acrobat and Adobe Reader Plug-in Buffer Overflow 08/16/2005 08/16/2005
Buffer overflow vulnerability in Adobe Reader 07/05/2005 07/05/2005
Temporary file vulnerability due to Adobe Reader 07/05/2005 07/05/2005
mailListIsPDF buffer overflow issue 12/14/2004 12/14/2004
Long file name uudecode buffer overflow 12/14/2004 12/14/2004
Shell metacharacters uudecode exploit 12/14/2004 12/14/2004
Buffer overflow with long mailto link 12/14/2004 12/14/2004

Back to top

Adobe Acrobat (Windows)

Version 3D
Brief Originally Posted Last Updated
APSB08-19 Security Update available for Adobe Reader 8 and Acrobat 8 11/04/2008 11/04/2008
APSB08-15 Security Update available for Adobe Reader and Acrobat 8.1.2 06/23/2008 06/23/2008
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSB07-18 Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/22/2007 10/22/2007
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007

Version 8.x Professional, Standard and Elements
Brief Originally Posted Last Updated
APSB08-19 Security Update available for Adobe Reader 8 and Acrobat 8 11/04/2008 11/04/2008
APSB08-15 Security Update available for Adobe Reader and Acrobat 8.1.2 06/23/2008 06/23/2008
APSB08-13 Security Update available for Adobe Reader and Acrobat 7 and 8 05/06/2008 05/06/2008
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSB07-18 Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/22/2007 10/22/2007
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007

Version 7.x Professional and Standard
Brief Originally Posted Last Updated
APSB08-15 Security Update available for Adobe Reader and Acrobat 8.1.2 06/23/2008 06/23/2008
APSB08-13 Security Update available for Adobe Reader and Acrobat 7 and 8 05/06/2008 05/06/2008
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSB07-18 Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/22/2007 10/22/2007
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSA07-02 Server-side workarounds to prevent potential cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSA06-02 Potential vulnerabilities in Adobe Reader and Acrobat 11/28/2006 12/06/2006
APSB06-20 Update available for potential vulnerabilities in Adobe Reader and Acrobat 12/05/2006 12/05/2006
Adobe Acrobat and Adobe Reader Plug-in Buffer Overflow 08/16/2005 08/16/2005
XML External Entity vulnerability in Adobe Reader/Acrobat 06/15/2005 06/15/2005
Adobe Reader/Acrobat invalid root page node Count 04/01/2005 04/01/2005
Local file discovery in Adobe Reader/Acrobat through Internet Explorer 04/01/2005 04/01/2005

Version 6.x Professional and Standard
Brief Originally Posted Last Updated
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSB07-18 Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/22/2007 10/22/2007
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSA07-02 Server-side workarounds to prevent potential cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
Buffer Overflow Vulnerability in Adobe Acrobat 07/11/2006 07/11/2006
Adobe Acrobat and Adobe Reader Plug-in Buffer Overflow 08/16/2005 08/16/2005
Prevent malicious media (Flash) playback 12/13/2004 12/13/2004
PNG library 1.2.5 vulnerability 12/13/2004 12/13/2004
eBook plug-in vulnerability with *.etd files 12/13/2004 12/13/2004
ActiveX control buffer overflow 09/08/2004 09/08/2004
Filename Handler Buffer Overflow 09/08/2004 09/08/2004

Back to top

Version 5.x
Brief Originally Posted Last Updated
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSB07-18 Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/22/2007 10/22/2007
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSA07-02 Server-side workarounds to prevent potential cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
Adobe Acrobat and Adobe Reader Plug-in Buffer Overflow 08/16/2005 08/16/2005
Arbitrary code execution from a malicious PDF document 06/07/2004 06/07/2004
Improper validation of JavaScript in PDF files 04/30/2004 04/30/2004

Version 4.x
Brief Originally Posted Last Updated
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSB07-18 Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/22/2007 10/22/2007
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSA07-02 Server-side workarounds to prevent potential cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
Security vulnerabilities due to buffer overrun attacks 07/25/2000 07/25/2000

Back to top

Adobe Acrobat (Macintosh)

Version 3D
Brief Originally Posted Last Updated
APSB08-19 Security Update available for Adobe Reader 8 and Acrobat 8 11/04/2008 11/04/2008
APSB08-15 Security Update available for Adobe Reader and Acrobat 8.1.2 06/23/2008 06/23/2008
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007

Version 8.x Professional, Standard and Elements
Brief Originally Posted Last Updated
APSB08-19 Security Update available for Adobe Reader 8 and Acrobat 8 11/04/2008 11/04/2008
APSB08-15 Security Update available for Adobe Reader and Acrobat 8.1.2 06/23/2008 06/23/2008
APSB08-13 Security Update available for Adobe Reader and Acrobat 7 and 8 05/06/2008 05/06/2008
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007

Version 7.x Professional and Standard
Brief Originally Posted Last Updated
APSB08-15 Security Update available for Adobe Reader and Acrobat 8.1.2 06/23/2008 06/23/2008
APSB08-13 Security Update available for Adobe Reader and Acrobat 7 and 8 05/06/2008 05/06/2008
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSA07-02 Server-side workarounds to prevent potential cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
Adobe Acrobat and Adobe Reader Plug-in Buffer Overflow 08/16/2005 08/16/2005
Arbitrary application execution from a malicious PDF document 06/27/2005 06/27/2005
APSA07-02 Server-side workarounds to prevent potential cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
Acrobat/Reader Updater changes Safari Frameworks folder permissions 06/27/2005 06/27/2005
XML External Entity vulnerability in Adobe Reader/Acrobat 06/15/2005 06/15/2005

Version 6.x Professional and Standard
Brief Originally Posted Last Updated
APSA08-01 Security update available for Adobe Reader and Acrobat 8 02/07/2008 05/06/2008
APSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
File Permissions Vulnerability in Adobe Reader and Adobe Acrobat (Mac OS) 07/11/2006 07/11/2006
Adobe Acrobat and Adobe Reader Plug-in Buffer Overflow 08/16/2005 08/16/2005
Prevent malicious media (Flash) playback 12/13/2004 12/13/2004
PNG library 1.2.5 vulnerability 12/13/2004 12/13/2004
eBook plug-in vulnerability with *.etd files 12/13/2004 12/13/2004

Version 5.x
Brief Originally Posted Last Updated
vAPSA07-04 Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 10/05/2007 10/05/2007
APSA07-02 Server-side workarounds to prevent potential cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
APSB07-01 Update available for vulnerabilities in versions 7.0.8 and earlier of Adobe Reader and Acrobat 01/09/2007 01/09/2007
Adobe Acrobat and Adobe Reader Plug-in Buffer Overflow 08/16/2005 08/16/2005

Back to top

After Effects

After Effects CS3
Brief Originally Posted Last Updated
APSA08-05 Potential vulnerability in After Effects CS3 05/06/2008 05/06/2008

Back to top

Breeze

Version 5
Brief Originally Posted Last Updated
APSB06-16 Information disclosure in Breeze Licensed Server 10/10/2006 10/10/2006
MPSB05-10 Security Patch for Insufficient Validation in Breeze Communication Server and Breeze Live Server 11/15/2005 11/15/2005
MPSB05-06 Breeze 5.0 Password Reset Encryption 09/29/2005 09/29/2005

Back to top

Adobe Bridge

Brief Originally Posted Last Updated
APSB07-09 Update available for privilege escalation issue in Bridge 1.0.3 installer package 04/10/2007 04/10/2007

Back to top

ColdFusion

Version 8
Brief Originally Posted Last Updated
APSB08-21 Update available for potential ColdFusion 8 privilege escalation issue 11/05/2008 11/05/2008
APSB08-12 Update available for ColdFusion 8 CFC method access level issue 04/08/2008 04/08/2008
APSB08-06 Update available for potential ColdFusion MX 7 and ColdFusion 8 Cross Site Scripting security issue 03/11/2008 03/11/2008
APSB08-07 Update available for ColdFusion MX 7 and ColdFusion 8 Cross-Site Scripting issue 03/11/2008 03/11/2008
APSB08-08 Update available for ColdFusion MX 7 and ColdFusion 8 logs invalid admin interface log-in attempts 03/11/2008 03/11/2008
APSB07-19 Update available for ColdFusion MX 7 and ColdFusion 8 potential session hijacking issue 11/13/2007 11/13/2007
Version MX 7
Brief Originally Posted Last Updated
APSB08-21 Update available for potential ColdFusion 8 privilege escalation issue 11/05/2008 11/05/2008
APSB08-06 Update available for potential ColdFusion MX 7 and ColdFusion 8 Cross Site Scripting security issue 03/11/2008 03/11/2008
APSB08-07 Update available for ColdFusion MX 7 and ColdFusion 8 Cross-Site Scripting issue 03/11/2008 03/11/2008
APSB08-08 Update available for ColdFusion MX 7 and ColdFusion 8 logs invalid admin interface log-in attempts 03/11/2008 03/11/2008
APSB07-19 Update available for ColdFusion MX 7 and ColdFusion 8 potential session hijacking issue 11/13/2007 11/13/2007
APSB07-08 Workaround available for Linux and Solaris ColdFusion MX 7 file permissions vulnerability 04/10/2007 04/10/2007
APSB07-06 Patch available for ColdFusion MX 7 cross-site scripting protection bypass 03/13/2007 03/13/2007
APSB07-05 Patch available for JRun cross-site scripting issue 02/13/2007 02/13/2007
APSB07-04 Patch available for ColdFusion MX cross-site scripting issue 02/13/2007 02/13/2007
APSB07-03 Patch available for ColdFusion MX 7 cross-site scripting issue when Global Script Protection is not enabled 02/13/2007 02/13/2007
APSB07-02 Patch available for ColdFusion MX 7 and JRun 4 information disclosure issue 01/09/2007 01/09/2007
APSB06-17 Local privilege escalation in a ColdFusion third party library 10/10/2006 10/10/2006
APSB06-12 Denial of service in ColdFusion Flash Remoting Gateway 09/12/2006 09/12/2006
APSB06-13 ColdFusion Sandbox Security vulnerability 09/12/2006 09/12/2006
APSB06-14 ColdFusion cross-site scripting in error page 09/12/2006 09/12/2006
APSB06-10 ColdFusion AdminAPI Authentication Issue 08/08/2006 08/08/2006
MPSB05-14 Cumulative Security Updater for ColdFusion MX 7 12/15/2005 12/15/2005
MPSB05-03 ColdFusion MX 7 cross-site scripting in default error page 05/10/2005 05/10/2005

Back to top

Version MX 6.1
Brief Originally Posted Last Updated
APSB07-05 Patch available for JRun cross-site scripting issue 02/13/2007 02/13/2007
APSB07-04 Patch available for ColdFusion MX cross-site scripting issue 02/13/2007 02/13/2007
APSB06-14 ColdFusion cross-site scripting in error page 09/12/2006 09/12/2006
MPSB05-12Sandbox Security and CFMAIL Vulnerability in ColdFusion MX 6.X 12/15/2005 12/15/2005
MPSB05-02 Workaround available for ColdFusion MX 6.1 Updater file disclosure 04/07/2005 04/07/2005
MPSB04-10 The CFOBJECT tag and CreateObject functions should be secured in a shared or untrusted developer environment 10/08/2004 10/08/2004
MPSB04-09 Cumulative Security Patch available for ColdFusion MX 09/23/2004 09/23/2004
MPSB04-06 Security Patch available for ColdFusion MX 6.1 File Upload Denial of service 04/15/2004 04/15/2004
MPSB04-01 Security Patch available for ColdFusion MX sandbox security 01/28/2004 01/28/2004
MPSB04-02 Security Patch available for ColdFusion MX 6.1 form fields Denial of service 01/28/2004 01/28/2004
MPSB03-07 Security Patch available for ColdFusion MX and JRun 4.0 Web Services DoS 12/09/2003 12/09/2003
MPSB03-06 Security Patch Available for ColdFusion MX/ColdFusion Cross-Site Scripting Vulnerability with Default Error Handlers 09/18/2003 09/18/2003
MPSB03-04 Patch for Apache 1.3.x, 2.0 View Source Vulnerability in ColdFusion MX and JRun 4.0 on Windows 07/08/2003 07/08/2003
MPSB03-02 Using Windows NT Authentication and Windows file permissions 01/20/2003 01/20/2003

Back to top

Version MX 6
Brief Originally Posted Last Updated
APSB07-05 Patch available for JRun cross-site scripting issue 02/13/2007 02/13/2007
APSB07-04 Patch available for ColdFusion MX cross-site scripting issue 02/13/2007 02/13/2007
APSB06-14 ColdFusion cross-site scripting in error page 09/12/2006 09/12/2006
MPSB05-12 Sandbox Security and CFMAIL Vulnerability in ColdFusion MX 6.X 12/15/2005 12/15/2005
MPSB04-10 The CFOBJECT tag and CreateObject functions should be secured in a shared or untrusted developer environment 10/08/2004 10/08/2004
MPSB04-09 Cumulative Security Patch available for ColdFusion MX 09/23/2004 09/23/2004
MPSB04-04 Security Patch available for ColdFusion MX and JRun 4.0 Web Services DoS 03/15/2004 03/15/2004
MPSB03-07 Security Patch available for ColdFusion MX and JRun 4.0 Web Services DoS 12/09/2003 12/10/2003
MPSB03-06 Security Patch Available for ColdFusion MX/ColdFusion Cross-Site Scripting Vulnerability with Default Error Handlers 09/18/2003 09/18/2003
MPSB03-04 Patch for Apache 1.3.x, 2.0 View Source Vulnerability in ColdFusion MX and JRun 4.0 on Windows 07/08/2003 07/08/2003
MPSB03-02 Using Windows NT Authentication and Windows file permissions 01/30/2003 01/30/2003
MPSB03-01 Patch available for ColdFusion MX Enterprise Edition 01/09/2003 01/09/2003
MPSB02-13 ColdFusion MX file extension mappings 11/06/2002 11/06/2002
MPSB02-07 Patch available to support Apache 2.0.39 with JRun 4.0/ColdFusion MX 06/27/2002 06/27/2002
MPSB02-05 Patch Available for Buffer Overflow attack on ColdFusion MX with Microsoft IIS 06/27/2002 06/27/2002
MPSB02-04 ColdFusion MX Enterprise Edition's JSP functionality should be disabled in shared, hosted environments 06/13/2002 06/13/2002
MPSB02-03 Patch available for default Missing Template page in ColdFusion MX 06/13/2002 06/13/2002

Back to top

Previous Versions
Brief Originally Posted Last Updated
MPSB03-06 Security Patch Available for ColdFusion MX/ColdFusion Cross-Site Scripting Vulnerability with Default Error Handlers 09/18/2003 09/18/2003
MPSB02-01 Certain DOS reserved filenames may cause ColdFusion to display the physical web root directory when ColdFusion is used with Microsoft IIS 05/09/2002 05/09/2002
MPSB01-11 The CFEXECUTE tag should be disabled when using ColdFusion Sandbox Security Operating System type) on Windows 11/27/2001 11/27/2001
MPSB01-08 Best Practice for Security Issue in Example Applications Released with ColdFusion Server Versions 4.x and Earlier 08/07/2001 08/07/2001
MPSB01-07 ColdFusion Security Patch for versions 2.0 through 4.5.1 SP2 07/11/2001 07/11/2001
ASB00-14 Workaround available for Denial of Service attack against ColdFusion Administrator 06/07/2000 06/07/2000
ASB00-12 ClusterCATS Appends Stale Query String to URL Line during HTML Redirection 05/08/2000 05/08/2000
ASB00-03 Patch Available For Potential Information Exposure By The CFCACHE Tag 01/04/2000 01/04/2000
ASB99-10 Addressing Potential Security Issues with Undocumented CFML Tags and Functions Used in the ColdFusion Administrator 07/29/1999 09/29/1999
ASB99-04 Multiple SQL Statements in Dynamic Queries 02/04/1999 06/01/1999
ASB99-07 Solution Available for Denial-of-Service Attack Using CF Admin. Start/Stop Utility 05/19/1999 05/19/1999
ASB99-08 Pages Encrypted with CFCRYPT.EXE Can Be Illegally Decrypted 05/19/1999 05/19/1999
ASB99-02 ColdFusion Example Applications and Sample Code Exposes Servers 02/04/1999 05/19/1999
ASB99-01 Expression Evaluator Security Issues 02/04/1999 04/30/1999

Back to top

Connect

Brief Originally Posted Last Updated
APSB08-04 Update available to address Adobe Connect Enterprise Server security issues 02/12/2008 02/12/2008
APSB08-02 Update available for Adobe Connect Enterprise Server cross-site scripting issue 01/16/2008 01/16/2008
APSB07-14 Patch available for Adobe Connect Enterprise Server information disclosure issue 09/11/2007 09/11/2007

Back to top

Contribute Publishing Services

Brief Originally Posted Last Updated
APSB08-01 Update to Dreamweaver and Contribute to address potential cross-site scripting vulnerabilities 01/16/2008 01/16/2008
APSB06-15 Local information disclosure in a Contribute Publishing Server 10/10/2006 10/10/2006
MPSB05-08 Contribute Publishing Server Password Encryption 11/15/2006 11/15/2006
MPSB05-04 Potential Security Risk with Macromedia eLicensing Client Activation Code 06/09/2005 06/09/2005

Back to top

Adobe Creative Suite (All Platforms)

Version 2.x
Brief Originally Posted Last Updated
File Permissions Vulnerability in Adobe Creative Suite 2 02/02/2006 02/02/2006

Back to top

Adobe Creative Suite (Windows)

Version 2.x
Brief Originally Posted Last Updated
File Permissions Vulnerability in Adobe Creative Suite 2 02/02/2006 02/02/2006

Version 1.x
Brief Originally Posted Last Updated
Advisory for License Management Service vulnerability 06/09/2005 06/09/2005

Back to top

Adobe Document Server

Version 5.x and 6.x
Brief Originally Posted Last Updated
Adobe Document Server for Reader Extensions authentication vulnerability 04/11/2006 04/11/2006
Adobe Graphics Server and Adobe Document Server configuration security vulnerability 03/13/2005 03/13/2005

Back to top

Adobe Download Manager

Brief Originally Posted Last Updated
APSB06-19 Update available for buffer overflow in Adobe Download Manager 12/05/2006 12/05/2006

Back to top

Dreamweaver

Dreamweaver CS3
Brief Originally Posted Last Updated
APSB08-01 Update to Dreamweaver and Contribute to address potential cross-site scripting vulnerabilities 01/16/2008 01/16/2008

Version 8
Brief Originally Posted Last Updated
APSB08-01 Update to Dreamweaver and Contribute to address potential cross-site scripting vulnerabilities 01/16/2008 01/16/2008
APSB06-07 Dreamweaver Server Behavior SQL Injection vulnerability 05/09/2006 05/09/2006

Version MX
Brief Originally Posted Last Updated
APSB06-07 Dreamweaver Server Behavior SQL Injection vulnerability 05/09/2006 05/09/2006
MPSB05-04 Potential Security Risk with Macromedia eLicensing Client Activation Code 06/09/2006 06/09/2006
MPSB04-05 Potential Risk in Dreamweaver Remote Database Connectivity 04/02/2004 04/02/2004
MPSB03-05 Patch and Work Around for Dreamweaver MX, DRK, and UltraDev Server Behaviors 08/19/2003 08/19/2003

Back to top

Flash

Flash CS3 Professional
Brief Originally Posted Last Updated
APSA08-09 October Flash Professional CS3 Security Advisory 10/15/2008 10/15/2008
APSA08-03 Potential vulnerability in Flash CS3 Professional, Flash Professional 8 and Flash Basic 8 03/19/2008 03/19/2008
Flash 8
Brief Originally Posted Last Updated
APSA08-03 Potential vulnerability in Flash CS3 Professional, Flash Professional 8 and Flash Basic 8 03/19/2008 03/19/2008

Back to top

Flash Communication Server

Brief Originally Posted Last Updated
MPSB05-09 Security Patch for Insufficient Validation in Flash Communication Server 11/15/2005 11/15/2005

Back to top

Flash Media Server

Brief Originally Posted Last Updated
APSA08-06 Content Protection in Flash Media Server 09/02/2008 09/02/2008
APSB08-03 Update available to address Flash Media Server security issues 02/12/2008 02/12/2008
MPSB05-11 Administrator Interface Denial of Service Vulnerability in Flash Media Server 12/15/2005 12/15/2005

Back to top

Flash Player

Version 9.x
Brief Originally Posted Last Updated
APSB08-22 Additional disclosure of security vulnerabilities fixed in Flash Player 10.0.12.36 and Flash Player 9.0.151.0 11/17/2008 11/17/2008
APSB08-20 Flash Player update available to address security vulnerabilities 11/05/2008 11/17/2008
APSB08-18 Flash Player update available to address security vulnerabilities 10/15/2008 11/17/2008
APSA08-08 Flash Player workaround available for "Clickjacking" issue 10/07/2008 11/05/2008
APSB08-11 Flash Player update available to address security vulnerabilities 04/08/2008 05/30/2008
APSA07-06 Vulnerabilities in some SWF files could allow cross-site scripting 12/23/2007 04/08/2008
APSB07-20 Flash Player update available to address security vulnerabilities 12/18/2007 01/29/2007
APSA07-05 Potential Vulnerability with Adobe Flash Player and Opera on Mac OSX 10/17/2007 12/18/2007
APSB07-12 Flash Player update available to address security vulnerabilities 07/10/2007 07/10/2007
APSA07-03 Opera update available for vulnerability with Adobe Flash Player and Opera browser on Linux and Solaris 04/11/2007 04/11/2007
APSB06-18 Update available for HTTP Header Injection Vulnerabilities in Adobe Flash Player 11/14/2006 12/06/2006

Version 8.x and previous
Brief Originally Posted Last Updated