Monday, April 27, 2009

Adobe Investigating New Vulnerabilities in Reader

Larry Seltzer writes on eWeek:

Adobe says they are investigating reports of a new vulnerability in their PDF Reader program.

The Adobe report refers to a single vulnerability report on SecurityFocus, but in fact there are two similar reports there, both credited to "Arr1val." Both include proof of concept Javascript code.

Both vulnerabilities are reported as affecting Adobe Acrobat Reader 8.1.4 and 9.1. Arr1val tested them on Linux, not other platforms, but it's highly plausible, based on the reports and the proof of concept code that they are portable to other operating systems. The actual exploits, which call shell code, are not likely as portable, as the details of an exploit are often platform-specific.

More here.


Post a Comment

<< Home