IT News & Technology update

Provide comprehensive update related to Computer, technology, software, anti virus and another electric device

The bug found on Adobe Reader and Acrobat 9.4

Written by IT News on 6:25 PM

The bug found on Adobe Reader and Acrobat 9.4

This news also called "Adobe Reader and Acrobat Hit by New Zero-Day", VUPEN French company's security research confirms that Adobe Reader and Acrobat vulnerability is reported as the day before zero-day, can be exploited to execute arbitrary code.

According to intelligence vendors are known vulnerabilities, defects caused by a heap corruption error in EScript.api plugin, which can occur when processing printSeps function is called ().

VUPEN wrote in the advisory that the vulnerability is "can be exploited by attackers to crash an affected application or potentially compromise a vulnerable system by tricking users to open PDF files specially made."

The bug affects Adobe Reader and Acrobat 9.4 and successful exploitation has been confirmed on both Windows 7 and Windows XP SP3.

A proof-of-concept target PDF exploit this flaw was sent yesterday to the mailing list Full Disclosure by an anonymous reporter, with comments "mystery in the puzzle."

However, it seems that the vulnerability has been known in some circles for almost a year. The details about it published in Russian language blog called "[Security Solutions] Research Lab," in November, 2009.

Blog post describing the condition of denial of service, but does not mention the execution of arbitrary code. This refers to the printSeps as "undocumented method."

This news could not come at a worse time for Adobe, which has been dealing with the day being actively exploited Flash Player zero.

vulnerability was discovered last week and also affects the Flash interpreter in Adobe Reader and Acrobat. In fact, an attack in-the-wild exploit only so far, have been using SWF malicious content embedded into the PDF document.

The company plans to release a security update for both products during the week 15 November, however, an unexpected development could interfere with the patch schedule.

Adobe Product Security Incident Response Team (PSIRT) has not commented on the new vulnerability, but given the confirmation VUPEN, an official advisory was imminent.

Related Posts by Categories

Widget by Hoctro | Jack Book
  1. 0 comments: Responses to “ The bug found on Adobe Reader and Acrobat 9.4 ”

Search This Blog

Ads and Sponsored by:

Want to subscribe?

Subscribe in a reader.