What's New: Bug In Acrobat Reader Allows Remote Code Execution

A buffer overflow in Adobe (Acrobat) Reader can allow malware to install itself onto a system, even if the PDF file is not actually opened. Reportedly, displaying the Acrobat icon in a browser or other application can be sufficient to trigger the flaw. Adobe promises a fix for Reader 9.0 by March 11, with fixes for 7.x and 8.x versions to follow thereafter. In the meantime, users can protect their PCs somewhat by disabling JavaScript, via opening the Edit/Preferences menu in Reader, selecting the JavaScript category, and unchecking "Enable Acrobat JavaScript." However newer evidence has come to light that this does not completely block the vulnerability, so users should use caution when downloading and opening PDF files until Adobe releases a fix.

Update 3-12-09: A proof-of-concept has come to light that demonstrates how simply storing malicous file on a PC or server that is running the Windows Indexing Service could trigger this vulnerability. ITS recommends all clients upgrade to Acrobat Reader 9.1 as soon as possible.

[Article originally published Feb 24 2009]

Thursday, Mar 12, 2009 11:45 am CDT

Tell a friend about this news item!

Return to the article list...