.
Logo
Print this page
Save to disk

Attack code targets unpatched Adobe Reader flaw

/v3-uk/news/1946209/attack-code-targets-unpatched-adobe-reader-flaw

17 Oct 2007, Tom Sanders in California  , V3

Adobe Acrobat
Details about the Adobe Reader vulnerability were published in late September

A security researcher has published a proof-of-concept exploit for a known vulnerability in Adobe Reader.

The researcher, known only as 'Cyanid-E', unveiled his creation in a posting to the Full Disclosure security mailing list on Tuesday.

The vulnerability has been confirmed on a fully patched Windows XP system running Adobe's Acrobat Reader 8.1 and Internet Explorer 7.

Details about the vulnerability were published in late September on the GNU Citizen blog.

The blog did not post proof-of-concept code at the time because it expected Adobe to be slow to respond. Proof-of-concept code can easily be turned into live attack code, and the publication could have put users at risk.

The proof-of-concept demonstrates the exploit by opening the calculator application when users open a specially crafted PDF file.

Although the code is harmless, criminals could easily modify it to install malware or recruit a system into a botnet.

Adobe acknowledged the flaw earlier this month and published a workaround that protects users.

A spokesperson for Adobe told vnunet.com that the company is aware of the proof-of-concept and is preparing to release an update within the next two weeks.

Adobe recommends users to implement the workaround and use extreme caution when viewing and downloading "unsolicited communications".

Do you agree?

Print this page
Save to disk
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093