Exploit Posted For Adobe Reader PDF Zero-day Vulnerability In ‘getAnnots()’ Javascript Function
Adobe Reader is prone to a remote code-execution vulnerability according to recent SecurityFocus advisory. Proof-of-concept exploit code has been published for a new zero-day vulnerability haunting Adobe’s widely deployed PDF Reader software.
In a brief note posted to its PSIRT blog, Adobe confirmed it was investigating the issue, which affects Adobe Reader 9.1 and 8.1.4. “We are currently investigating, and will have an update once we get more information,” according to Adobe’s David Lenoe.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users. Reader 8.1.4 and 9.1 for Linux are vulnerable; other versions or platforms may also be affected.
Adobe’s PDF Reader software is a popular target for malware authors so, in the absence of a patch, users should consider using an alternative product. The exploit popped few days after F-Secure warned about Adobe Acrobat Reader, suggested to uninstall it from the system and move to an alternative such as Foxit Reader.
Credit: ZDNet Security Blogs
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.