Members
  • Total Members: 14176
  • Latest: toxxxa
Stats
  • Total Posts: 42870
  • Total Topics: 16079
  • Online Today: 3869
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)









Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: Samker
« on: 05. November 2008., 08:13:08 »



Adobe Tuesday is expected to disclose a security vulnerability in an older version of its Reader document viewing software, according to Core Security. The security vendor discovered a flaw in Adobe Reader 8.1.2 that would allow an attacker to compromise a machine via the malicious use of a PDF.

Ironically, Adobe had urged users back in February to update to this version to avoid vulnerabilities in earlier versions of Reader.   

According to Ivan Arce, CTO at Core Security, the problem can be traced to a vulnerability in the JavaScript engine that allows an attacker to send a PDF with malicious JavaScript embedded in it to wholly compromise any computer using Adobe.

"The end result is if a user opens the PDF file with the malicious JavaScript in it, the attacker will be able to completely compromise the machine," Arce says. "It becomes like a Trojan."

Users can update Adobe Reader 8.1.2 with a patch that Adobe will release Tuesday to prevent this attack. Alternatively, users can upgrade to the current release, Reader 9.0, because the vulnerability hasn't been found in that version. Arce says Core Security discovered the JavaScript vulnerability in May and reported it to Adobe, but the company has taken until now to officially release a patch.

(NetworkWorld)
Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising