Zero-day vulnerability in Adobe Reader
Contributed by: Email on 02/13/2013 04:11 PM
[
Comments
]
Adobe Reader appears to be suffering from a critical zero-day vulnerability that allows criminals to inject malicious code into a system. A report by researchers from FireEye says they have encountered a specially crafted PDF document which, when opened, drops two DLLs into Windows.
The first of these DLLs runs cover for the other by displaying a fake error message and opening a decoy PDF document. The other DLL includes a callback component which talks over HTTP to a remote domain. According to FireEye, the exploit used has been successful on Adobe Reader 9.5.3, 10.1.5 and 11.0.1. Older versions might also be affected.
The researchers have already informed Adobe of their discovery and the Adobe PSIRT (Product Security Incident Response Team) has confirmed that it is currently investigating the report. To be on the safe side, users should only use Acrobat Reader to open PDF documents from trusted sources and should disable the Adobe PDF plugin inside browsers.
The first of these DLLs runs cover for the other by displaying a fake error message and opening a decoy PDF document. The other DLL includes a callback component which talks over HTTP to a remote domain. According to FireEye, the exploit used has been successful on Adobe Reader 9.5.3, 10.1.5 and 11.0.1. Older versions might also be affected.
The researchers have already informed Adobe of their discovery and the Adobe PSIRT (Product Security Incident Response Team) has confirmed that it is currently investigating the report. To be on the safe side, users should only use Acrobat Reader to open PDF documents from trusted sources and should disable the Adobe PDF plugin inside browsers.
Comments
