Friday, September 21, 2007

Adobe PDF ZeroDay

Via GUNCITIZEN -

I am closing the season with the following HIGH Risk vulnerability: Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one.

The issue is quite critical given the fact that PDF documents are in the core of today’s modern business. This and the fact that it may take a while for Adobe to fix their closed source product, are the reasons why I am not going to publish any POCs. You have to take my word for it. The POCs will be released when an update is available.

Highlight from the Comments
-------------------

1) it affects both… embedded and standalone [PDF Files].

2) Windows Vista users are not affected.
3) The PDF issue is officially confirmed by Adobe’s team. Foxit is vulnerable as well, although the user is required to interact with the document in order to launch the exploit.

No comments:

Post a Comment