Home > Security News > Attackers target critical Adobe PDF flaw
Security News:
EMAIL THIS

Attackers target critical Adobe PDF flaw

By SearchSecurity.com Staff
10 Nov 2008 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Attackers may be trying to exploit flaws in Adobe Reader by using attack code modified to evade antivirus products.

The Bethesda, Md.-based SANS Internet Storm Center (ISC) warned that malicious PDF files are exploiting the JavaScript buffer overflow vulnerability in Adobe Reader. ISC handler Bojan Zdrnja wrote on the site that proof-of-concept code was published shortly after Adobe Systems Inc. released an update repairing the flaw.

"The payload is in a JavaScript object embedded in the PDF document. Once extracted, it just contains first level obfuscation with a simple eval (unescape()) call," Zdrnja said.

Adobe released an update for Adobe Reader 8 and Acrobat 8. An attacker can pass a malicious PDF file to corrupt memory and cause the programs to crash. Adobe said.

Danish vulnerability clearinghouse Secunia gave the flaws a highly critical rating. Secunia said the flaws could be used to gain escalated privileges.



Tags: Securing Productivity ApplicationsSecurity Patch ManagementVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED CONTENT
Securing Productivity Applications
How to detect software tampering
Adobe fixes 29 flaws in Acrobat, Reader
Adobe warns of critical update for Reader, Acrobat 9.1.3
Why should we place data files on a separate partition than the OS?
Adobe updates ColdFusion, JRun, Flex
Serious Adobe Flash flaw being exploited
Adobe acknowledges serious Flash zero-day vulnerability
Adobe issues security advisory for Flash zero-day flaw
When to use the service features of the Metasploit hacking tool
How to manage patches for Adobe

Security Patch Management
Squad: Tokenization, Phishing and the Feds
Should management processes change based on a patch release schedule?
Should Windows Mobile updates come from Microsoft?
Adobe updates ColdFusion, JRun, Flex
Trusteer CEO criticizes Adobe, touts better patch deployments
Patch management study shows IT taking significant risks
Vulnerability mitigation study shows need for faster patching
Microsoft to issue security report card, new tool at Black Hat
How to manage patches for Adobe
When is it suitable to remove Java updates?

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
sheepdip  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



More Tips to Secure Your Network
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts