
Vulnerability in Adobe Acrobat leads to public exploit

By Dan Kaplan
Jun 25, 2008 9:51 AM
Tags: Adobe | vulnerabilities & exploits | Acrobat
Adobe has updated its Reader and Acrobat products to shore up a major vulnerability that already is being exploited in the wild, the company said.

An Adobe advisory said the "critical" vulnerability, spotted in Reader and Acrobat 8.1.2 and earlier versions, is related to an unspecified JavaScript input validation issue. If exploited, the bug could permit remote code execution.

Andrew Storms, director of security operations at vendor nCircle, said on Tuesday that Adobe this year already has patched at least one other Acrobat flaw related to a JavaScript error.

"It would appear that Adobe has an epidemic with regard to JavaScript," he told SCMagazineUS.com in an email. "One begins to wonder just how many more are yet to be found. We may be witnessing an interesting twist. It appears that Microsoft Word might be on the track to be more secure, while Adobe Acrobat is going in the opposite direction."

An Adobe spokesman did not disagree but downplayed any outbreak.

"It's true that some recent vulnerabilities with Adobe Reader have been associated with JavaScript," the spokesman said. "Vulnerabilities often follow trends as security researchers gravitate to certain areas, and that is likely what we're seeing here. As always, we take the security of our products and technologies seriously, and continue to invest a considerable amount of ongoing effort to ensure users are protected."

Storms said Adobe released few details about this latest vulnerability, probably to ward off the potential for further exploits. Adobe said in its advisory that it has received reports of exploits appearing in the wild.

Jason Lam, a senior security analyst at a Canada-based financial institution and a handler for the SANS Internet Storm Center, warned of an uptick in compromised websites being used to distribute the exploit.

"This is likely to appear in a malware spreading website near you soon given the track record of the botnet operators," he wrote on the Storm Center's blog. "Suggest [you] update this one as soon as possible."

Adobe Reader and Acrobat versions 7.1.0 are not affected.

See original article on scmagazineus.com

Secure Computing Magazine

 