Friday, September 21st 2007

Critical Zero-Day Adobe PDF Bug Compromises Windows

A critical zero-day PDF bug in Adobe's Acrobat Reader has been discovered. The scenario is that an attacker rigs a PDF file designed to exploit the flaw. He or she distributes it via e-mail or through other means, or hosts it on a Web page. When a user opens the rigged PDF file with a vulnerable application, the user's machine can be loaded with malware that makes it open to a takeover. This PDF vulnerability is even worse than the QuickTime flaw in Mozilla Firefox fixed 2 days ago. Both Mozilla Firefox flaw and PDF bugs have been discovered by Petko D. Petkov, aka pdp. The story comes as warning to all users working with Acrobat Reader. Please be careful until a fix is released. Click here or read Petko's web blog for more information.Source: eWeek
Add your own comment

6 Comments on Critical Zero-Day Adobe PDF Bug Compromises Windows

#1
malware
Hey, Petko is Bulgarian just like me, the man is becoming a legend. Two big flaws discovered by him in one week! :respect:
Posted on Reply
#2
Wile E
Power User
Hmmm, from reading his comments on his blog page, it seems it affects Foxit PDF reader as well, but to a lesser degree. Hope an update comes soon.
Posted on Reply
#3
WarEagleAU
Bird of Prey
Man, it seems everything is getting infected these days.
Posted on Reply
#4
ex_reven
by: Wile E
Hmmm, from reading his comments on his blog page, it seems it affects Foxit PDF reader as well, but to a lesser degree. Hope an update comes soon.
Meh, its no different to uploading a trojan laden .exe.
Any file downloaded from the 'net should be expected to be a virus unless you explicitly know or trust the person, website providing the file.

Is the PDF in question any more difficult for AV to pick up?
Posted on Reply
#5
Helvetica
If you download a questionable .exe file, run a virus scan before opening it. I hate PDFs anyway. I avoid them at all costs. Takes ages to load now matter how powerful your PC is.
Posted on Reply
#6
Wile E
Power User
by: Helvetica
If you download a questionable .exe file, run a virus scan before opening it. I hate PDFs anyway. I avoid them at all costs. Takes ages to load now matter how powerful your PC is.
Not if you use Foxit PDF Reader. http://www.foxitsoftware.com/pdf/rd_intro.php
Posted on Reply