There’s a critical, remotely exploitable vulnerability in Adobe Acrobat/Reader version 8. It affects Adobe Acrobat Reader installed on the Windows platform.
According to a recent report by Core Security, Adobe Reader has a critical bug that allows a user to be exploited by opening a manipulated PDF that has been sent to them.
The vulnerability is caused by a boundary error when parsing format strings containing a floating point specifier in the “util.printf()” JavaScript function. Successful exploitation requires that a user open a maliciously crafted PDF file, which allows attackers to gain access to vulnerable systems and assume the privileges of the user running Acrobat Reader. Adobe Reader version 9, which was released in June 2008, is not vulnerable to the reported problem.
A specially crafted PDF file that embeds JavaScript code to manipulate the program’s memory allocation pattern and trigger the vulnerability can allow an attacker to execute arbitrary code with the privileges of the user running the Adobe Reader application.
Adobe Reader 8.1.2 and Adobe Acrobat 8.1.2 are affected by the security flaw.
The update can be found at http://www.adobe.com/support/downloads/detail.jsp?ftpID=4084.
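A triage check for the condition described above, as an added example that is not part of the original post or of Core Security's report: it scans a PDF's raw bytes and its Flate-compressed streams for `util.printf()` calls whose format string contains a floating point specifier. The function names and the sample documents are constructed for illustration.

```python
import re
import zlib

# Body of a PDF stream object; embedded JavaScript is usually stored in one.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
# First string-literal argument of a util.printf(...) call.
PRINTF_RE = re.compile(rb"util\s*\.\s*printf\s*\(\s*([\"'])(.*?)\1", re.DOTALL)
# Floating point conversion: %[,sep][flags][width][.precision]f
FLOAT_SPEC_RE = re.compile(rb"%[,+ #0-9]*(?:\.[0-9]*)?f")


def candidate_texts(pdf_bytes):
    """Yield the raw file, then every stream that inflates as FlateDecode data."""
    yield pdf_bytes
    for match in STREAM_RE.finditer(pdf_bytes):
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream"
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not zlib data; plain-text streams were seen in the raw pass


def find_float_printf(pdf_bytes):
    """Return distinct util.printf() format strings that contain a float specifier."""
    hits = []
    for text in candidate_texts(pdf_bytes):
        for call in PRINTF_RE.finditer(text):
            fmt = call.group(2).decode("latin-1")
            if FLOAT_SPEC_RE.search(call.group(2)) and fmt not in hits:
                hits.append(fmt)
    return hits


def sample_pdf(js, compress):
    """Build a constructed, minimal PDF-like fragment carrying benign JavaScript."""
    body = zlib.compress(js) if compress else js
    filt = b"/Filter /FlateDecode " if compress else b""
    return (b"%PDF-1.4\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< " + filt + b"/Length " + str(len(body)).encode()
            + b" >>\nstream\n" + body + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    flagged = sample_pdf(b'util.printf("%5.2f", 1.5);', compress=True)
    clean = sample_pdf(b'util.printf("%d items", 3);', compress=False)
    print(find_float_printf(flagged))  # format strings to review
    print(find_float_printf(clean))
```

A hit only marks a file for closer review, since legitimate forms also format numbers this way; an empty result does not clear a file, because encrypted documents, other stream filters and format strings assembled at run time are not covered.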
My personal advice would be for you to use Adobe Acrobat Reader 9.0, which has many features within itself and, well, is quite brilliant if you care about collaboration from within your files. You can download that from here.
[via CoreSecurity]