Adobe Reader Exploited...
November 2008
Hackers have painted a bull’s-eye on an Adobe Reader flaw patched by the company earlier this week. The attackers are targeting a vulnerability in Adobe Reader 8.1.2 uncovered by Core Security Technologies. According to an advisory from the SANS Institute’s Internet Storm Center, attackers are using malicious PDF files to exploit the bug, which Adobe Systems patched November 4. If successfully exploited, the bug could allow hackers to take complete control of a compromised system. The bug lies in the way Adobe Reader implements the java_script util.printf() function, and makes it possible to overwrite the program’s memory and control its execution flow. Exploit code for the flaw has already been posted to Milw0rm. In addition to Reader, the bug affects Adobe Acrobat 8.1.2. Officials at Adobe advise users to either update their software to Version 9 of Reader and Acrobat, which are not susceptible to the attack, or deploy the patch.
Hackers have painted a bull’s-eye on an Adobe Reader flaw patched by the company earlier this week. The attackers are targeting a vulnerability in Adobe Reader 8.1.2 uncovered by Core Security Technologies. According to an advisory from the SANS Institute’s Internet Storm Center, attackers are using malicious PDF files to exploit the bug, which Adobe Systems patched November 4. If successfully exploited, the bug could allow hackers to take complete control of a compromised system. The bug lies in the way Adobe Reader implements the java_script util.printf() function, and makes it possible to overwrite the program’s memory and control its execution flow. Exploit code for the flaw has already been posted to Milw0rm. In addition to Reader, the bug affects Adobe Acrobat 8.1.2. Officials at Adobe advise users to either update their software to Version 9 of Reader and Acrobat, which are not susceptible to the attack, or deploy the patch.
posted by arkietechs at 7:16 AM
0 Comments:
Post a Comment
<< Home