Categories: Security

Flaw Attracts Attacks In PDF Reader And Acrobat

Adobe Systems is warning users about a new vulnerability being exploited in the wild. Anti-malware researchers at McAfee have confirmed that they found evidence of at least one exploit.

According to Adobe, the vulnerability can be used to “cause a crash and potentially allow an attacker to take control of the affected system.” The bug exists in Adobe Reader 9.3.4, and earlier, for Windows, Macintosh and Unix systems. It also exists in Adobe Acrobat up to version 9.3.4 for Mac and Windows.

Adobe did not provide technical details of the vulnerability but it is thought to be the way the applications handle TrueType fonts. An advisory by security specialist Secunia advised users not to open untrusted files. It said that the issue is caused by “a boundary error within the font parsing in CoolType.dll and can be exploited to cause a stack-based buffer overflow by … tricking a user into opening a specially crafted PDF file.”

Buffer Overflow Corrupts Stack

McAfee researchers have been looking more closely and liken it to an old attack that exploited the way Adobe parsed TIFF graphics files.

The latest version of Adobe Reader has been compiled with stack protection guarding the pointers to code to be executed. The new exploit uses a return oriented programming (ROP) exploit to bypass this protection, as well as data execution prevention (DEP), and inject malicious code into the execution process.

“Unfortunately, there are no mitigations we can offer,” a spokesperson told eWEEK in an email. “However, Adobe is actively sharing information about this vulnerability (and vulnerabilities in general) with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up-to-date.”

Adobe officials were unable to say when a patch would be available but confirmed that the company would continue to provide users with updated information. They also thanked Mila Parkour of Contagiodump [Ewww, is that a real name?- Editor] for reporting the flaw and working on this issue with them.

Adobe, like other software vendors has had to issue patches on a regular basis.


Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 hours ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

3 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

19 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

21 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

22 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

23 hours ago