Adobe Warns: New Exploit Poisons PDFs, Dangerous

by Brandon Dimmel on 20100913 @ 10:28PM EST | google it | send to friends
Filed under Security | (related terms: adobe, system, pdf, secunia, vulnerability)

Security researchers have discovered a new PDF (portable document format) exploit in Adobe Reader and Acrobat they think could allow a hacker to remotely take over a system. In fact, the threat is so serious at least one expert has called the vulnerability "scary."

Adobe has acknowledged the flaw exists and could soon be exploited. In a statement, the company noted that the hole could be used to "cause a crash and potentially allow an attacker to take control of the affected system." (Source: adobe.com)

Hackers Trick Users Into Opening Infected PDF

Mac, Unix and Windows users are all affected by a bug that has targeted Adobe Reader 9.3.4 and Adobe Acrobat 9.3.4. It's suspected that most earlier versions of these two programs are also vulnerable.

While Adobe did admit the problem existed, the company stopped short of providing details about the exploit.

Instead, a much better description is coming from security company Secunia, which recently noted that the issue is related to "a boundary error within the font parsing in CoolType.dll and can be exploited to cause a stack-based buffer overflow by... tricking a user into opening a specially crafted PDF file." (Source: eweek.com)

Most troubling: not even security experts know of a way to help users affected by the flaw. "Unfortunately, there are no mitigations we can offer," Secunia told tech blog, eWEEK. (Source: computerworld.com)

Users Advised to be Vigilant with Emails and Files

The best advice available right now: don't open emails or files sent by strangers, and always keep your anti-virus software and operating system up to date.

"Adobe is actively sharing information about this vulnerability (and vulnerabilities in general) with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available," said a Secunia representative. (Source: zdnet.com)

Adobe hasn't yet announced when a patch targeting this issue will become available.

Stay Informed: Subscribe Free to Infopackets, Today! Get your daily fix of Microsoft Windows news, reviews, tech tips, plus free software (freeware) goodies daily -- all absolutely free -- delivered straight to your email inbox! Bonus: join our website today and you'll also receive our highly coveted Top 10 Tech Reports, including: Top 10 PC Security Essentials, Windows Optimization Secrets, Top Freeware Antivirus, MS Office alternatives and more. Don't delay: subscribe today! Click here for more info.

Infopackets Game of the Week

Secrets of the Dark: Eclipse Mountain Collector's Edition

Click here to read more.

Most Clicked Stories
(In the Past 15 Days)

Freebies

Subscription Center

Recommended Sites

DownloadMix.com: More Freeware + Shareware

About

Established in 2001 and read by over 250,000 users world-wide, infopackets features the latest in headline news based on MS Windows, Internet, and technology trends. Subscription to our website is free! Join our discussion list, today!