Adobe Warns: New Exploit Poisons PDFs, Dangerous

• by Brandon Dimmel on 20100913 @ 10:28PM EST | google it | send to friends
• Filed under Security | (related terms: adobe, system, pdf, secunia, vulnerability)

Security researchers have discovered a new PDF (portable document format) exploit in Adobe Reader and Acrobat they think could allow a hacker to remotely take over a system. In fact, the threat is so serious at least one expert has called the vulnerability "scary."

Adobe has acknowledged the flaw exists and could soon be exploited. In a statement, the company noted that the hole could be used to "cause a crash and potentially allow an attacker to take control of the affected system." (Source: adobe.com)

Hackers Trick Users Into Opening Infected PDF

Mac, Unix and Windows users are all affected by a bug that has targeted Adobe Reader 9.3.4 and Adobe Acrobat 9.3.4. It's suspected that most earlier versions of these two programs are also vulnerable.

While Adobe did admit the problem existed, the company stopped short of providing details about the exploit.

Instead, a much better description is coming from security company Secunia, which recently noted that the issue is related to "a boundary error within the font parsing in CoolType.dll and can be exploited to cause a stack-based buffer overflow by... tricking a user into opening a specially crafted PDF file." (Source: eweek.com)

Most troubling: not even security experts know of a way to help users affected by the flaw. "Unfortunately, there are no mitigations we can offer," Secunia told tech blog, eWEEK. (Source: computerworld.com)

Users Advised to be Vigilant with Emails and Files

The best advice available right now: don't open emails or files sent by strangers, and always keep your anti-virus software and operating system up to date.

"Adobe is actively sharing information about this vulnerability (and vulnerabilities in general) with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available," said a Secunia representative. (Source: zdnet.com)

Adobe hasn't yet announced when a patch targeting this issue will become available.

Free eBook: Windows... On Speed. This 33 page guide will explain how to store your data to reduce disk fragmentation, how to properly remove programs to avoid registry junk, which system maintenance tools you should use to maintain a top notch performance, how to protect your system from malware attacks, and how to physically clean your machine to avoid hardware damage and failure. There's also a troubleshooting section for PCs already affected by deteriorating performance, and how to resolve it. Click here to download this eBook now! Note: this eBook is free, but registration is required; after that, you can select more ebooks and videos for download without registering again. If you have questions / problems with the registration form, please read this.