All the latest UK technology news, reviews and analysis

Adobe warns of PDF threat

by Shaun Nichols

More from this author

21 Feb 2009

Be the first to comment

  • Tweet this
Adobe
Flaws in Adobe Reader and Acrobat could allow an attacker to remotely execute code

Users are being urged to exercise caution when handling PDF files following the discovery of, and subsequent attacks on, a flaw in Adobe software.

The company said in a Security Bulletin that it had received reports of attacks targeting a previously unknown flaw in Adobe Reader and Acrobat. When exploited, the flaw allows an attacker to remotely execute code on a targeted system.

Further reading

The issue is believed to affect version 9.0 and earlier of both applications. Security firm Shadowserver said in an alert that the vulnerability exists in the way the programs handle JavaScript within PDF files.

The infected files trigger a memory buffer overflow, which in turn allows the attacker to remotely execute code on the targeted system.

"Right now we believe these files are only being used in a smaller set of targeted attacks," wrote Shadowserver researcher Steven Adair. "However, these types of attacks are frequently the most damaging, and it is only a matter of time before this exploit ends up in every exploit pack on the internet."

Adobe said that users should expect to see a fix for the vulnerability by 11 March. In the meantime, researchers at Shadowserver and the US Computer Emergency Response Team recommend users to disable the ability for documents to execute JavaScript code in Acrobat and Reader through the applications' preference panels.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

Android Market logo

Google removes 37 rogue apps from Android Market

Related white papers

Related articles

Related jobs

Today's top stories

Cloud computing suppliers announced by government

Government launches G-Cloud store with 257 cloud computing suppliers

Microsoft Windows 8 start screen

Top 10 Microsoft Windows 8 features to be excited about

Barclays Pingit Application in use on an iPhone

Barclays launches Pingit mobile payment service for iPhone, Android and BlackBerry

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

97%

1%

1%

0%

1%

Features

V3 reporter Dan Worth

World-changing CERN experiments highlight humanity’s intrinsic curiosity

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Software Engineer - Performance

Software Engineer - Performance - Permanent - Cheshire...

SharePoint 2010 Developer, C#.NET/ASP.NET/SQL. Altrincham

Leading Financial Services Company requires experience...

Busienss Analyst

TOM, Business Analyst, Loan IQ, Process, Risk, Operations...

ASP.NET Developer – MVC, JavaScript, MS SQL, CSS, HTML, Photoshop

ASP.NET Developer - MVC, JavaScript, MS SQL, CSS, HTML...

To send to more than one email address, simply separate each address with a comma.