Attackers target critical Adobe PDF flaw Staff

Attackers may be trying to exploit flaws in Adobe Reader by using attack code modified to evade antivirus products.

The Bethesda, Md.-based SANS Internet Storm Center (ISC) warned that malicious PDF files are exploiting the JavaScript

    Requires Free Membership to View

buffer overflow vulnerability in Adobe Reader. ISC handler Bojan Zdrnja wrote on the site that proof-of-concept code was published shortly after Adobe Systems Inc. released an update repairing the flaw.

"The payload is in a JavaScript object embedded in the PDF document. Once extracted, it just contains first level obfuscation with a simple eval (unescape()) call," Zdrnja said.

Adobe released an update for Adobe Reader 8 and Acrobat 8. An attacker can pass a malicious PDF file to corrupt memory and cause the programs to crash. Adobe said.

Danish vulnerability clearinghouse Secunia gave the flaws a highly critical rating. Secunia said the flaws could be used to gain escalated privileges.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: