Home > Security News > Attackers target critical Adobe PDF flaw
Security News:
EMAIL THIS

Attackers target critical Adobe PDF flaw

By SearchSecurity.com Staff
10 Nov 2008 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Attackers may be trying to exploit flaws in Adobe Reader by using attack code modified to evade antivirus products.

The Bethesda, Md.-based SANS Internet Storm Center (ISC) warned that malicious PDF files are exploiting the JavaScript buffer overflow vulnerability in Adobe Reader. ISC handler Bojan Zdrnja wrote on the site that proof-of-concept code was published shortly after Adobe Systems Inc. released an update repairing the flaw.

"The payload is in a JavaScript object embedded in the PDF document. Once extracted, it just contains first level obfuscation with a simple eval (unescape()) call," Zdrnja said.

Adobe released an update for Adobe Reader 8 and Acrobat 8. An attacker can pass a malicious PDF file to corrupt memory and cause the programs to crash. Adobe said.

Danish vulnerability clearinghouse Secunia gave the flaws a highly critical rating. Secunia said the flaws could be used to gain escalated privileges.



Tags: Securing Productivity ApplicationsSecurity Patch ManagementVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Securing Productivity Applications
Adobe ColdFusion websites being compromised
Adobe fixes critical Shockwave Flash Player flaw
Adobe issues first quarterly patch release fixing 13 flaws
Adobe shifts to Microsoft patching process, incident response plan
Balancing security and performance: Protecting layer 7 on the network
Software Piracy pandemic needs government role, better vendor antipiracy plans
McAfee to acquire Solidcore Systems for whitelisting
Adobe issues Reader update fixing zero-day flaw
Microsoft to patch critical PowerPoint zero-day flaw
PCI DSS: Best practices for compliance

Security Patch Management
Adobe fixes critical Shockwave Flash Player flaw
Mozilla patches 11 Firefox security flaws, JavaScript errors
Microsoft patches WebDAV security vulnerability in bevy of updates
Adobe issues first quarterly patch release fixing 13 flaws
Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities
Adobe shifts to Microsoft patching process, incident response plan
Software delivery could fix software patching issues
Microsoft updates Office to address serious PowerPoint vulnerabilities
Microsoft to patch critical PowerPoint zero-day flaw
Firefox update addresses several security flaws

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
sheepdip  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



More Tips to Secure Your Network
Focused on Channel Security?
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts