Adobe Reader may have critical hole
A critical security hole that attackers can use to compromise a system supposedly exists in Adobe Reader. Apparently, the attack is triggered merely by opening a manipulated PDF document. But security blogger Petko Petkov (pdp) who discovered the bug does not provide any additional details.
Petkov advises users to refrain from opening untrusted PDF files until an update has been released. In addition to Adobe Reader 7.0, 8.0, and 8.1 running on Windows XP with service pack 2 and Internet Explorer 7, alternative PDF readers such as FoxIt are also reportedly affected and therefore do not constitute workarounds. The flaw reportedly does not affect Windows Vista.
- 0day: PDF pwns Windows, Petko Petkov's security advisory (pdp)
- 0day: PDF pwns Windows, pdp's security advisory on the Full Disclosure mailing list
- Video on YouTube by pdp demonstrating the hole