Attackers target critical Adobe PDF flaw

The SANS Internet Storm Center (ISC) warns that attackers may be attempting to exploit flaws in Adobe Reader to hijack computer systems.

Attackers may be trying to exploit flaws in Adobe Reader by using attack code modified to evade antivirus products.

The Bethesda, Md.-based SANS Internet Storm Center (ISC) warned that malicious PDF files are exploiting the JavaScript buffer overflow vulnerability in Adobe Reader. ISC handler Bojan Zdrnja wrote on the site that proof-of-concept code was published shortly after Adobe Systems Inc. released an update repairing the flaw.

"The payload is in a JavaScript object embedded in the PDF document. Once extracted, it just contains first level obfuscation with a simple eval (unescape()) call," Zdrnja said.

Adobe released an update for Adobe Reader 8 and Acrobat 8. An attacker can pass a malicious PDF file to corrupt memory and cause the programs to crash. Adobe said.

Danish vulnerability clearinghouse Secunia gave the flaws a highly critical rating. Secunia said the flaws could be used to gain escalated privileges.

Dig deeper on Securing Productivity Applications

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close