Desktop publishing software vendor Adobe released a trio of security patches on Jan. 9, two of which are aimed at fixing a cross-site scripting issue lingering in earlier versions of its Reader and Acrobat products, with the third targeting a new vulnerability identified in its ColdFusion development platform.

The San Jose, Calif.-based company issued two separate bulletins meant to address the XSS flaw present in its Reader and Acrobat applications, including a server-side workaround that promises to prevent exploitation of the problem in versions 7.0.8 and earlier of the two programs.

Adobe has already patched the vulnerability in its latest iteration of the products, specifically Adobe Reader 8.

Source: eWeek