Zero-Day Adobe Reader Exploit Found in the Wild

[Peaches]

<h1 style="margin: 0in 0in 0.0001pt;"></h1>

Zero-Day Adobe Reader Exploit Found in the Wild

Users are recommended to disable JavaScript or blacklist the affected API call

By Lucian Constantin, Web News Editor

16th of December 2009, 13:20 GMT

A new critical arbitrary code execution vulnerability affecting all versions of Adobe Reader and Acrobat is currently being exploited to infect the computers of unsuspecting users. After reports of ongoing attacks have surfaced, Adobe confirmed the flaw and offered temporary mitigation solutions.

This year has been very bad for Adobe in terms of security incidents. Critical vulnerabilities that lead to full system compromise have plagued some of its most widespread products, such as Adobe Flash Player or Adobe Reader. Many of these led to zero-day attacks, or in other words, attacks that exploited the flaws before the company had time to patch them.

The latest attacks are performed through maliciously crafted PDF files and target a vulnerable JavaScript method called Doc.media.newPlayer(). "We can tell you that this exploit is in the wild and is actively being used by attackers and has been in the wild since at least December 11, 2009.

Read more at softpedia - http://news.softpedia.com/news/Zero-Day-Adobe-Reader-Exploit-Found-in-the-Wild-129921.shtml