All the latest UK technology news, reviews and analysis
|
|
|
17 Oct 2007
A security researcher has published a proof-of-concept exploit for a known vulnerability in Adobe Reader.
The researcher, known only as 'Cyanid-E', unveiled his creation in a posting to the Full Disclosure security mailing list on Tuesday.
The vulnerability has been confirmed on a fully patched Windows XP system running Adobe's Acrobat Reader 8.1 and Internet Explorer 7.
Details about the vulnerability were published in late September on the GNU Citizen blog.
The blog did not post proof-of-concept code at the time because it expected Adobe to be slow to respond. Proof-of-concept code can easily be turned into live attack code, and the publication could have put users at risk.
The proof-of-concept demonstrates the exploit by opening the calculator application when users open a specially crafted PDF file.
Although the code is harmless, criminals could easily modify it to install malware or recruit a system into a botnet.
Adobe acknowledged the flaw earlier this month and published a workaround that protects users.
A spokesperson for Adobe told vnunet.com that the company is aware of the proof-of-concept and is preparing to release an update within the next two weeks.
Adobe recommends users to implement the workaround and use extreme caution when viewing and downloading "unsolicited communications".
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Field/Site Engineering Manager/Leader Brief: Polar...
Product Manager, Open Repository (ref:BMC/PMR) End...
Java/J2EE Software Developer/Programmer - Dotcom/ eCommerce...
Field/Site Engineering Manager/Leader Brief: Polar...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Adobe Nearsightedness
I'd llike to know why Adobe is only planning to issue a patch for Ver. 8.1 and is not worrying themselves over the gazillion users who have earlier versions. The slimy bastards are just using it as a marketing tool (windfall profits) to force vulnerable people into buying their latest software. It wouldn't surprise me if they (Adobe) fabricated and publicized the threat.
Posted by: Chip Burton 30 Oct 2007