April 28th, 2009

Exploit Posted For Adobe Reader PDF Zero-day Vulnerability In ‘getAnnots()’ JavaScript Function

Adobe Reader is prone to a remote code-execution vulnerability, according to a recent SecurityFocus advisory. Proof-of-concept exploit code has been published for a new zero-day vulnerability haunting Adobe’s widely deployed PDF Reader software.

In a brief note posted to its PSIRT blog, Adobe confirmed it was investigating the issue, which affects Adobe Reader 9.1 and 8.1.4. “We are currently investigating, and will have an update once we get more information,” according to Adobe’s David Lenoe.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users. Reader 8.1.4 and 9.1 for Linux are vulnerable; other versions or platforms may also be affected.

Adobe’s PDF Reader software is a popular target for malware authors, so in the absence of a patch, users should consider using an alternative product. The exploit appeared a few days after F-Secure warned about Adobe Acrobat Reader and suggested uninstalling it from the system and moving to an alternative such as Foxit Reader.

Credit: ZDNet Security Blogs
