Categories: Security

Flaw Attracts Attacks In PDF Reader And Acrobat

Adobe Systems is warning users about a new vulnerability being exploited in the wild. Anti-malware researchers at McAfee have confirmed that they found evidence of at least one exploit.

According to Adobe, the vulnerability can be used to “cause a crash and potentially allow an attacker to take control of the affected system.” The bug exists in Adobe Reader 9.3.4, and earlier, for Windows, Macintosh and Unix systems. It also exists in Adobe Acrobat up to version 9.3.4 for Mac and Windows.

Adobe did not provide technical details of the vulnerability but it is thought to be the way the applications handle TrueType fonts. An advisory by security specialist Secunia advised users not to open untrusted files. It said that the issue is caused by “a boundary error within the font parsing in CoolType.dll and can be exploited to cause a stack-based buffer overflow by … tricking a user into opening a specially crafted PDF file.”

Buffer Overflow Corrupts Stack

McAfee researchers have been looking more closely and liken it to an old attack that exploited the way Adobe parsed TIFF graphics files.

The latest version of Adobe Reader has been compiled with stack protection guarding the pointers to code to be executed. The new exploit uses a return oriented programming (ROP) exploit to bypass this protection, as well as data execution prevention (DEP), and inject malicious code into the execution process.

“Unfortunately, there are no mitigations we can offer,” a spokesperson told eWEEK in an email. “However, Adobe is actively sharing information about this vulnerability (and vulnerabilities in general) with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up-to-date.”

Adobe officials were unable to say when a patch would be available but confirmed that the company would continue to provide users with updated information. They also thanked Mila Parkour of Contagiodump [Ewww, is that a real name?- Editor] for reporting the flaw and working on this issue with them.

Adobe, like other software vendors has had to issue patches on a regular basis.


Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

22 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

23 hours ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

24 hours ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago