Security Bytes

Sep 21 2007   5:57AM GMT

Another day, another Windows zero-day

Leigha Leigha Cardwell Profile: Leigha

This hasn’t been the best of weeks for Windows administrators. First came news that Jonathan Sarba of the GoodFellas Security Research Team had discovered a flaw in the MFC42 and MFC71 libraries offered natively in Windows.

Now, researcher Petko D. Petkov — discoverer of the QuickTime attack vector Mozilla moved to block this week with a Firefox security update — is warning of a serious flaw in Adobe Acrobat/Reader in which .pdf files can be used to compromise a Windows machine. Petkov says in his blog that this can be done “Completely!!! Invisibly and unwillingly!!! All it takes is to open a .pdf document or stumble across a page which embeds one.”

He adds in the blog posting: “The issue is quite critical given the fact that .pdf documents are in the core of today’s modern business. This and the fact that it may take a while for Adobe to fix their closed source product, are the reasons why I am not going to publish any POCs (proof-of-concept code). You have to take my word for it. The POCs will be released when an update is available.”

The folks at the SANS Internet Storm Center warned about the flaw on its Web site, but said they have no information about any exploits.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: