atw: Security vulnerability email extracts - Critical Adobe Reader problem.

(1) CRITICAL: Adobe Reader JavaScript Handling Remote Code Execution

Affected:

Adobe Acrobat Reader versions 9.1 and prior

Description: Adobe Acrobat Reader is Adobe's viewer for the Portable
Document Format (PDF). It is the de facto standard PDF viewer for many
platforms. It contains a flaw in its handling of JavaScript scripts embedded
in PDF documents. A specially crafted document containing a malicious script
could exploit this vulnerability, and leverage it to execute arbitrary code
with the privileges of the current user. PDF documents are often opened upon
receipt without first prompting the user. A proof-of-concept for this
vulnerability is publicly available and it is believed that this
vulnerability is being exploited in the wild.

Status: Vendor confirmed, no updates available. Users are advised to disable
JavaScript processing in PDF documents, if possible.

References:

Vendor Home Page

http://www.adobe.com/

Proof-of-Concept

http://downloads.securityfocus.com/vulnerabilities/exploits/34740.txt

SecurityFocus BID

http://www.securityfocus.com/bid/34740

**********************************************************************

 

Warren Lewington
WJL Consulting
M: 0408 612 752
P: +612 9876 5345
F: By arrangement
PO Box 404
Liverpool, NSW
Australia
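While no vendor update is available, a mail gateway or file server can flag PDF documents that carry embedded JavaScript before a user opens them. The triage sketch below is an added example, not part of the original email or the quoted advisory; the function names, verdict labels and sample byte strings are constructed for illustration.

```python
import re
import sys

# A PDF name may hex-escape any character as #xx (/J#53 is /JS), so names
# are decoded before comparison. Raw bytes are scanned, so binary stream
# data can cause false positives; this is triage, not parsing.
_NAME = re.compile(rb"/((?:[^\x00\t\n\x0c\r ()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

SCRIPT = {"JS", "JavaScript"}   # keys of a JavaScript action
TRIGGER = {"OpenAction", "AA"}  # actions that run without a click
OPAQUE = {"ObjStm"}             # compressed object streams, not inspected here
WATCH = SCRIPT | TRIGGER | OPAQUE


def pdf_names(data: bytes):
    """Yield every name object in the raw bytes with #xx escapes decoded."""
    for m in _NAME.finditer(data):
        raw = _HEX.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(1))
        yield raw.decode("latin-1")


def triage(data: bytes) -> dict:
    """Count watched names and return a handling verdict for the document."""
    counts = {}
    for name in pdf_names(data):
        if name in WATCH:
            counts[name] = counts.get(name, 0) + 1
    if SCRIPT & counts.keys():
        verdict = "quarantine"  # script present: hold the file
    elif OPAQUE & counts.keys():
        verdict = "inspect"     # scripts could be hidden in compressed objects
    else:
        verdict = "pass"
    return {"verdict": verdict, "names": counts}


# Constructed, inert sample fragments (not taken from any real document).
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_JS = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
             b"3 0 obj\n<< /S /J#61vaScript /J#53 (placeholder) >>\nendobj\n")
SAMPLE_OBJSTM = b"%PDF-1.5\n4 0 obj\n<< /Type /ObjStm /N 2 /First 10 >>\nendobj\n"

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage(fh.read()))
```

A "pass" verdict only means no script marker was found in the uncompressed structure; it does not replace disabling JavaScript in the reader as the advisory recommends.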

 
