In association with heise online

25 June 2008, 09:56

New danger from PDF files

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe reports that a hole in its Acrobat and Adobe Reader products is actively being exploited. It appears that the programs do not check the parameters of a JavaScript method adequately. As a result, attackers can use crafted PDF files to execute code at the privilege level of the logged-on user or at least to crash the system. The vendor gives no further details.

Similar holes have often been exploited in the past to deploy malicious software via web pages on a large scale. Only at the beginning of June, F-Secure warned about targeted attacks involving PDF trojans which were sent out via emails.

Versions up to 7.0.9 and versions 8.0 to 8.1.2 of Reader and Acrobat are affected. Adobe has released updated versions which no longer contain the flaw. Due to the imminent danger it is advisable to update immediately.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-735591
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit