Adobe Reader Exploit - Beware
Several Adobe Acrobat exploits have been discovered to inflict potentially serious damage on unwary users.
One exploit simply takes the reader to the cyber-criminal's web site, or launches harmful code while launching the reader in a browser.
Steve Ragan has reported on the exploit causing a denial of service to lock up Adobe Reader after tricking it into thinking it is opening a PDF file. For this exploit, there is currently no patch. Users should avoid opening random PDF links on unknown websites.
See: http://tech.monstersandcritics.com/news/printer_1238374.php
Barracuda Report
Barracuda has reported on a Cross-Site Scripting Exploit Found in the Adobe Reader Browser Plug-In.Stephen Pao, VP Barracuda Networks says:
"The cross-site scripting vulnerability in Adobe Reader presents a real threat to email users -- an attacker could design an email with an embedded Web link to a PDF file of a reputable site that runs arbitrary code on the user’s Web browser."
The Adobe Reader vulnerability affects users who utilize the Adobe Reader plug-in to view Adobe Acrobat Portable Document Format (PDF) files within their Web browsers -- allowing the attacker to run code in the user’s Web browser. The exploit can run against PDF documents posted on reputable Web sites without requiring an attacker to compromise that site in any way.
------------------------------
Got News?
We'd love to hear about your software or hardware discoveries... just post at: our review input forms------------------------------
