Acrobat Reader Injection

Posted by admin on June 24, 2008

Are code injection attacks ever going to stop? According to a statement dated June 23, 2008, Adobe has identified a critical vulnerability in Adobe Reader and Adobe Acrobat 8.1.2.

Is that bad? Again, according to Adobe, “This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system.”

What to do? Adobe recommends users of Acrobat 8 and Adobe Reader install the 8.1.2 Security Update 1 patch. You can download the appropriate Windows and Macintosh update patches (for Acrobat and Acrobat Reader) directly from Adobe’s Security Advisory web site.

By the way, people using Acrobat Reader 7.0 through 7.0.9 should upgrade to Reader 7.1.

If everything goes according to plan, the update should resolve input validation issues in JavaScript methods that could potentially lead to remote code execution. And yes, Adobe acknowledges reports that this issue has already been exploited in the wild.

Additional articles about this exploit:

WebProNews

Washington Post

 
