In association with heise online

10 November 2008, 14:35

Hackers exploit PDF security flaws

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Attackers have been using the recently announced vulnerability in Adobe Reader 8 to attack Windows users, warn security experts from ISC (Internet Storm Center). The attackers are exploiting the util.printf JavaScript function to trigger a buffer overload. A PDF containing the malicious code was recognised by over 30 virus scanners at VirusTotal, although it would take only a simple obfuscation of the code to outsmart antivirus engines.

Adobe has now released version Reader 8.1.3 to address the vulnerabilities. Users of newer Windows (from Windows 2000) and Mac operating systems (from 10.4.11) should be using Adobe Reader 9, which is not vulnerable. Switching to competitive software would not necessarily guarantee greater security – six months ago, a virtually identical problem was discovered in Foxit Reader.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit