Adobe Reader Still Open To Exploits
David Utter Staff Writer
2007-01-10
The continued shift of attacks from operating system components to application software has compelled security researchers to comb popular apps for vulnerabilities. Older versions of Adobe Reader have again been found with a weak spot.
Only a week after warnings that older versions of Adobe Reader plugins could pass unsanitized code, leading to a cross-site scripting exploit, another problem has been spotted.
This time, as with the sanitization flaw, the problem rests in Adobe Reader versions prior to 7.0.9. Version 8 is not impacted by this new vulnerability, and it's starting to look like Adobe quietly fixed quite a few issues in its newest Adobe Reader.
The latest problem, disclosed by advisory firm Secunia, is that Adobe Reader could be susceptible to heap corruption. Researcher Piotr Bania independently discovered the problem last September and reported it to Adobe.
A maliciously crafted PDF file could trigger the heap corruption condition. Once exploited, arbitrary code could be executed on the system running the vulnerable Adobe Reader.
Such arbitrary code could cause a variety of problems. Crashing Adobe Reader would be the least of those worries. Adobe advised people using its product to upgrade to 7.0.9, and strongly encouraged an upgrade to Adobe Reader 8 where possible.
Adobe Reader has a broad userbase across multiple operating system platforms. Adobe may be more plagued than most companies by future security concerns about Reader: criminals attempt to get onto as many systems as possible, and if they can do so through a widely used product with a vulnerability, they will.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.