Adobe Reader and Acrobat Hit by New Zero-Day


Recommended Posts

Adobe Reader and Acrobat Hit by New Zero-Day

French security research company VUPEN confirmed that an Adobe Reader and Acrobat vulnerability reported as a zero-day earlier today, can be exploited to execute arbitrary code.

According to the reputed vulnerability intelligence vendor, the flaw is caused by a heap corruption error in the EScript.api plugin, which can occur when processing a function called printSeps().

VUPEN writes in its advisory that the vulnerability "could be exploited by attackers to crash an affected application or potentially compromise a vulnerable system by tricking a user into opening a specially crafted PDF file." The bug affects Adobe Reader and Acrobat 9.4 and successful exploitation was confirmed on both Windows 7 and Windows XP SP3. A proof-of-concept PDF exploit targeting this flaw was sent yesterday to the Full Disclosure mailing list by a anonymous reporter, with the comment "a mystery inside an enigma."

http://news.softpedia.com/news/New-Zero-Day-Vulnerability-Hits-Adobe-Reader-and-Acrobat-164870.shtml

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...