Jump to content

Serious Vulnerability In Adobe Reader


threegee

Recommended Posts

Upshot is that you shouldn't open any .PDF files that you aren't fully aware of the source of. The vulnerability is being exploited so this is not just academic stuff! Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1 are all affected, and there are no fixes just yet.

http://www.computerw...researchers_say

The exploit drops and loads two DLL files on the system. One file displays a bogus error message and opens a PDF document that's used as a decoy, the FireEye researchers said.

Remote code execution exploits regularly cause the targeted programs to crash. In this context, the fake error message and second document are most likely used to trick users into believing that the crash was the result of a simple malfunction and the program recovered successfully. Meanwhile, the second DLL installs a malicious component that calls back to a remote domain, the FireEye researchers said.

Adobe said it is working on an emergency patch for the popular document reader. In the meantime, it urges users to enable the product's Protected View feature, which is off by default.
Link to comment
Share on other sites

Acrobat and Reader XI

Feb 20, 2013 11.0.02 OOC* Latest release. This patch fixes specific security issues.

Acrobat and Reader X

Feb 20, 2013 10.1.6 OOC* Latest release. This patch fixes specific security issues.

Acrobat and Reader 9.x and 8.x

Feb 20, 2013 9.5.4 OOC* Latest release. This patch fixes specific security issues.

...allegedly! :)

*Out-of-cycle patch (OOC): An update targeted at security fixes. These noncumulative patch files contain few functional updates with the intention to limit impact.

Link to comment
Share on other sites

Create a free account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×
×
  • Create New...