Adobe Microsoft Security Windows

Another Day, Another Vulnerability: This Time its Adobe Reader

Courtesy of Lars Hammar – http://www.flickr.com/photos/7603557@N08/

So guys, I come back bearing some bad news.  Yet another vulnerability has been found and is currently being exploited in the wild.  This time, it comes in the flavor of Adobe Reader.

The vulnerability, which was discovered by FireEye, mentions that it is a critical vulnerability that will allow those with malicious intent to inject code into a system.  They state that someone could create a special PDF document that could drop two DLL files onto a Windows machine.  The first generates a fake error message and opens up a fake PDF while the second one sets up base to talk to the hacker.  They also state that it works with the most recent versions of Adobe Reader.

FireEye recommends that users switch from using Adobe Reader and disable it from being used in your web browsers. You can follow the instructions here (obviously substituting Java for Adobe Reader). TheNextWeb recommends FoxIt, as a suitable replacement.

Adobe has also been contacted in the matter and has stated that they are aware of the vulnerability and was something that they had mentioned before on their blog.

Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information.

Leave a Reply

Your email address will not be published. Required fields are marked *