Adobe Reader may have critical hole
A critical security hole that attackers can use to compromise a system supposedly exists in Adobe Reader. Apparently, the attack is triggered merely by opening a manipulated PDF document. But security blogger Petko Petkov (pdp) who discovered the bug does not provide any additional details.
Petkov has already published details on several vulnerabilities in products including Firefox with a QuickTime plug-in, the Second Life client, and the Firebug JavaScript debugger. The developers of Firefox, QuickTime, and Firebug confirmed the flaws and remedied them. Petkov's report about the PDF hole should therfore be taken seriously even though he does not provide any additional information. In the comments on his blog entry, Petkov has, however, added a video showing that the Windows calculator starts when a PDF document is opened. Petkov says that Adobe has already confirmed the vulnerability.
Petkov advises users to refrain from opening untrusted PDF files until an update has been released. In addition to Adobe Reader 7.0, 8.0, and 8.1 running on Windows XP with service pack 2 and Internet Explorer 7, alternative PDF readers such as FoxIt are also reportedly affected and therefore do not constitute workarounds. The flaw reportedly does not affect Windows Vista.
- 0day: PDF pwns Windows, Petko Petkov's security advisory (pdp)
- 0day: PDF pwns Windows, pdp's security advisory on the Full Disclosure mailing list
- Video on YouTube by pdp demonstrating the hole
(mba)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
