In association with heise online

21 September 2007, 10:48

Adobe Reader may have critical hole

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A critical security hole that attackers can use to compromise a system supposedly exists in Adobe Reader. Apparently, the attack is triggered merely by opening a manipulated PDF document. But security blogger Petko Petkov (pdp) who discovered the bug does not provide any additional details.

Petkov has already published details on several vulnerabilities in products including Firefox with a QuickTime plug-in, the Second Life client, and the Firebug JavaScript debugger. The developers of Firefox, QuickTime, and Firebug confirmed the flaws and remedied them. Petkov's report about the PDF hole should therfore be taken seriously even though he does not provide any additional information. In the comments on his blog entry, Petkov has, however, added a video showing that the Windows calculator starts when a PDF document is opened. Petkov says that Adobe has already confirmed the vulnerability.

Petkov advises users to refrain from opening untrusted PDF files until an update has been released. In addition to Adobe Reader 7.0, 8.0, and 8.1 running on Windows XP with service pack 2 and Internet Explorer 7, alternative PDF readers such as FoxIt are also reportedly affected and therefore do not constitute workarounds. The flaw reportedly does not affect Windows Vista.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit